SAML website screenshot

SAML

SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication and authorization data between identity providers and service providers. Ratified as an OASIS Standard in March 2005, SAML 2.0 enables single sign-on (SSO) across different applications and domains, reducing the need for users to manage multiple sets of credentials. It uses XML digital signatures and encryption to secure assertions exchanged between Identity Providers (IdP) and Service Providers (SP).

1 APIs 0 Features
AuthenticationAuthorizationFederationIdentity ManagementOpen StandardSecuritySingle Sign-OnSSOXML

APIs

SAML 2.0 SSO HTTP Bindings API

API specification for SAML 2.0 Single Sign-On HTTP bindings including the HTTP Redirect Binding and HTTP POST Binding for AuthnRequest and Response exchange, Assertion Consumer ...

Collections

Pricing Plans

Saml Plans Pricing

3 plans

PLANS

Rate Limits

Saml Rate Limits

5 limits

RATE LIMITS

FinOps

Saml Finops

FINOPS

Semantic Vocabularies

Saml Context

7 classes · 35 properties

JSON-LD

API Governance Rules

SAML API Rules

9 rules · 2 errors 5 warnings 2 info

SPECTRAL

JSON Structure

Saml Assertion Structure

0 properties

JSON STRUCTURE

Example Payloads

Saml Sso Redirect Example

4 fields

EXAMPLE

Resources

🔗
SAML 2.0 OASIS Standard
Documentation
🔗
SAML 2.0 Technical Overview
Documentation
🔗
SAML 2.0 Core Specification
Documentation
🔗
SAML 2.0 Bindings Specification
Documentation
🔗
SAML 2.0 Profiles Specification
Documentation
🔗
SAML 2.0 EntityDescriptor Metadata
JSONSchema
🔗
SAML 2.0 AuthnRequest
JSONSchema
🔗
SAML 2.0 Assertion
JSONSchema
🔗
SAML 2.0 JSON-LD Context
JSONLDContext
🔗
SAML 2.0 Assertion Structure
JSONStructure
🔗
SAML API Spectral Rules
SpectralRules
💻
SAML SSO HTTP Redirect Binding Example
Examples
🔗
SAML 2.0 Vocabulary
Vocabulary

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: SAML 2.0 SSO HTTP Bindings
  version: 1.0.0
items:
- info:
    name: SSO
    type: folder
  items:
  - info:
      name: SSO HTTP Redirect Binding
      type: http
    http:
      method: GET
      url: https://idp.example.com/saml/sso/redirect
      params:
      - name: SAMLRequest
        value: ''
        type: query
        description: The deflated, base64-encoded, and URL-encoded SAML AuthnRequest XML message. The message MUST be deflated
          using the DEFLATE compression method (RFC 1951) before base64 encoding.
      - name: RelayState
        value: ''
        type: query
        description: An opaque reference to state information maintained at the Service Provider. The value MUST NOT exceed
          80 bytes in length and MUST be integrity-protected by the entity creating it.
      - name: SigAlg
        value: ''
        type: query
        description: The URI identifying the signature algorithm used to sign the request. Required when the request is signed.
      - name: Signature
        value: ''
        type: query
        description: The base64-encoded and URL-encoded signature value computed over the SAMLRequest, RelayState (if present),
          and SigAlg query string parameters.
    docs: Initiates SAML 2.0 Single Sign-On using the HTTP Redirect Binding (Section 3.4 of saml-bindings-2.0-os). The AuthnRequest
      is encoded, deflated, and base64-encoded as a query parameter. The Identity Provider processes the request and responds
      with an authentication challenge or redirects back to the Service Provider with a SAML Response.
  - info:
      name: SSO HTTP POST Binding
      type: http
    http:
      method: POST
      url: https://idp.example.com/saml/sso/post
      body:
        type: form-urlencoded
        data: []
    docs: Processes a SAML 2.0 AuthnRequest or Response using the HTTP POST Binding (Section 3.5 of saml-bindings-2.0-os).
      The SAML message is base64-encoded and submitted as a form parameter. This binding is typically used for the SAML Response
      from the Identity Provider to the Service Provider Assertion Consumer Service (ACS) URL.
  - info:
      name: Assertion Consumer Service (ACS)
      type: http
    http:
      method: POST
      url: https://idp.example.com/saml/acs
      body:
        type: form-urlencoded
        data:
        - name: SAMLResponse
          value: ''
        - name: RelayState
          value: ''
    docs: The Assertion Consumer Service endpoint at the Service Provider receives and processes SAML Responses from the Identity
      Provider via the HTTP POST Binding. Validates the SAML Response, extracts the authentication assertion, and establishes
      a local security context for the user.
- info:
    name: SLO
    type: folder
  items:
  - info:
      name: SLO HTTP Redirect Binding
      type: http
    http:
      method: GET
      url: https://idp.example.com/saml/slo/redirect
      params:
      - name: SAMLRequest
        value: ''
        type: query
        description: The deflated, base64-encoded LogoutRequest message. Either SAMLRequest or SAMLResponse MUST be present.
      - name: SAMLResponse
        value: ''
        type: query
        description: The deflated, base64-encoded LogoutResponse message. Either SAMLRequest or SAMLResponse MUST be present.
      - name: RelayState
        value: ''
        type: query
        description: Opaque state information maintained between request and response.
      - name: SigAlg
        value: ''
        type: query
        description: URI identifying the signature algorithm.
      - name: Signature
        value: ''
        type: query
        description: Base64-encoded signature over the query string parameters.
    docs: Initiates or processes a SAML 2.0 Single Logout request or response using the HTTP Redirect Binding. Terminates
      sessions at the Identity Provider and participating Service Providers.
- info:
    name: Metadata
    type: folder
  items:
  - info:
      name: SAML 2.0 Metadata Endpoint
      type: http
    http:
      method: GET
      url: https://idp.example.com/saml/metadata
    docs: Returns the SAML 2.0 metadata document for the entity (Identity Provider or Service Provider) as defined in the
      OASIS SAML 2.0 Metadata specification (saml-metadata-2.0-os). The metadata document describes the entity's supported
      bindings, endpoints, certificates, and capabilities.
bundled: true