A SAML authentication authority is a system entity that produces SAML authentication assertions. Likewise, a SAML attribute authority is a system entity that produces SAML attribute assertions. A SAML authentication authority that participates in one or more SSO Profiles of SAML is called a SAML identity provider (or simply identity provider if the domain is understood). For example, an authentication authority that participates in SAML Web Browser SSO is an identity provider that performs the following essential tasks:

• receives a SAML authentication request from a relying party via a web browser
• authenticates the browser user principal
• responds to the relying party with a SAML authentication assertion for the principal

In the previous example, the relying party that receives and accepts the authentication assertion is called a SAML service provider.

A given SAML identity provider is described by an element defined by the SAML metadata schema. Likewise, a SAML service provider is described by a metadata element.

In addition to an authentication assertion, a SAML identity provider may also include an attribute assertion in the response. In that case, the identity provider functions as both an authentication authority and an attribute authority.
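The roles described above can be read off a SAML 2.0 response by looking at which statements its assertions carry. The following is an added example, not part of the original article: the sample response is constructed and unsigned, the issuer URL is a placeholder, and the function names `authority_roles` and `usable_for_sso` are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (unsigned, placeholder issuer); not output of a real IdP.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    <saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z"/>
    <saml:AttributeStatement>
      <saml:Attribute Name="mail">
        <saml:AttributeValue>alice@example.org</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""

def authority_roles(response_xml):
    """Map each assertion issuer to the authority roles its statements imply."""
    # Classification only: a service provider must verify the signature first.
    root = ET.fromstring(response_xml)
    roles = {}
    for assertion in root.findall("saml:Assertion", NS):
        issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
        found = roles.setdefault(issuer, set())
        if assertion.find("saml:AuthnStatement", NS) is not None:
            found.add("authentication authority")
        if assertion.find("saml:AttributeStatement", NS) is not None:
            found.add("attribute authority")
    return roles

def usable_for_sso(response_xml):
    """Web Browser SSO needs an authentication assertion; attributes alone are not enough."""
    return any("authentication authority" in r
               for r in authority_roles(response_xml).values())

if __name__ == "__main__":
    print(authority_roles(SAMPLE_RESPONSE), usable_for_sso(SAMPLE_RESPONSE))
```

A response that carries only an attribute statement makes `usable_for_sso` return `False`, which is the case a service provider should reject at login.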