Introduction

The Security Assertion Markup Language (SAML) is a protocol used to communicate authentication data between two parties. SAML works really well for server-side applications, providing single sign-on (SSO) across your applications. The CoreOne Authentication Service can act as an SAML 2.0 Identity Provider or as as SAML 2.0 Service Provider, which allows you to use your existing SAML infrastructure.

SAML Identity Provider

As a SAML Identity Provider, you can allow legacy SAML applications to log in using the CoreOne Suite. In this role, you’ll have the CoreOne Suite acting in its traditional role as an authorization server/identity provider.

Using our SAML component with an OpenID Connect (OIDC), you can use both OIDC and our SAML component to implement a cross-protocol SSO. This allows some applications to authenticate with your the CoreOne Suite using SAML and others using OIDC. The user gets a single sign-on experience as both protocols use the same SSO session. This means that you can authenticate users regardless of the requesting application type and support legacy server-side applications that use SAML.

SAML Service Provider

As a SAML Service Provider, you can federate with external SAML identity providers.

In this role, you will have your application using an external identity provider for logins, much in the same way you would offer functionality such as “login using Google”. The external service holds the credentials, and you send them SAML requests.