Most frequently asked SAML Interview Questions
What is SAML?
Security Assertion Markup Language (SAML) is an XML-based framework used to authenticate and authorize a user and to communicate the user's attributes and privileges.
It provides numerous benefits to enterprises, organizations and governments.
What are the main features of SAML?
- Seamless integration
- Security domains can exchange information.
- Back-office transactions.
- Single Sign-On can be performed, that is, the ability to authenticate in one security domain and to use the protected resources of another security domain.
- XML-based framework for sharing security information over the Internet.
What is Authentication in SAML?
- Authentication determines whether users are who they claim to be.
- It validates the user's identity and decides if the user is valid or not.
What is Authorization in SAML?
- Authorization determines whether users have the right to access certain systems or content.
- After successful authentication, it identifies whether or not the user has a specific permission.
On which protocols does SAML work?
SAML works on the following protocols:
- Hypertext Transfer Protocol (HTTP)
- Simple Mail Transfer Protocol (SMTP)
- File Transfer Protocol (FTP)
- Electronic Business XML
What is Single Sign-On?
- Single Sign-On is the process of logging into one site and then being logged into another site based on your login to the first site.
- Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to any of several related systems.
What are the benefits of using SAML?
It offers many benefits such as:
- No need to provide credentials again and again.
- SAML messages are secured using the latest encryption.
- SAML sessions can be re-validated at the IdP/SP to check if the session is timed out.
- Additional information about the user can be provided.
- Improved online experience for end users.
What is the major difference between SAML and OAuth?
- SAML, which stands for Security Assertion Markup Language, is an umbrella standard that encompasses profiles, bindings and constructs to achieve Single Sign-On (SSO), Federation and Identity Management.
- OAuth, i.e. Open Authorization, is a standard for authorization of resources. It does not deal with authentication.