Most frequently asked SAML Interview Questions
- What is SAML?
- What are the main features of SAML?
- What is Authentication in SAML?
- What is Authorization in SAML?
- On which protocols does SAML work?
- What is Single Sign-On?
- What are benefits of using SAML?
- What is the major difference between SAML and OAuth?
- What are advantages of using SAML?
- What is difference between Authentication, Attribute And Authorization?
- With which protocol Saml works?
- Where is Saml being standardized?
- What's the difference between ADFS, WIF, WS Federation, SAML, and STS?
- How does SAML encryption work?
- How is trust established between a Client and a Saml Authority?
- Where is SAML used?
What is SAML?
- Security Assertion Markup Language (SAML) is an XML-based framework used to authorize, authenticate and communicate attributes and privileges of a user.
- It provides numerous benefits to enterprises, organizations and governments.
What are the main features of SAML ?
- Seamless integration
- Security domains can exchange information.
- Backoffice Transaction.
- Single-Sign-On can be performed that is the ability to authenticate in one security domain and to use the protected resources of another security domain.
- XML-based framework for security sharing information over Internet.
What is Authentication in SAML?
- Authentication is to determine the users who they claim to be.
- It validates the user's identity and decides if the user is valid or not.
What is Authorization in SAML?
- Authorization is to determine whether the users have the right to access certain systems or content
- It identifies that the user has specific permission or not after successful authentication.
On which protocols does SAML work?SAML works on following protocols:
- Hypertext Transfer Protocol (HTTP)
- Simple Mail Transfer Protocol (SMTP)
- File Transfer Protocol (FTP)
- Electronic Business XML
What is Single Sign-On ?
- Single Sign on is the process of logging into one site and then getting logged into another site based on your login to first site.
- Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to any of several related systems.
What are benefits of using SAML?
- It offers many benefits such as:
- No need to provide credentials again and again.
- SAML messages are secured using the latest encryption.
- SAML sessions can be re-validated at the IdP/SP to check if the session is timed out.
- Additional information can be provided to provide more information about the user.
- Improved online experience for end users.
What is the major difference between SAML and OAuth ?
- SAML which stands for Security Assertion Markup Language is an umbrella standard that encompasses profiles, bindings and constructs to achieve Single Sign On (SSO), Federation and Identity Management.
- OAuth i.e Open Authorization is a standard for authorization of resources. It does not deal with authentication.
What are advantages of using SAML?
- Standardized: The SAML standardized format designed to be compatible with any device that is independent of implementation.
- Improved users experiance: SAML uses SSO (Single sign ons), which implies single page used for user signups from which users can access all the applications of a particular website. For example, Google users can access its applications YouTube, Gmail, Drive by the method of SSO.
- Security: SAML provide a single point of authentication at a secure identity provider. It implies that user credentials never leave the firewall boundary, and then SAML is used to confirm the identity to others.
What is difference between Authentication, Attribute And Authorization?Authentication validates the user's identity whether user is valid OR Not.
Attribute assertion contains specific information about the particular user.
Authorization identifies whether user have specific permission or not, after the successful authentication.
With which protocol Saml works?The four major components of Kafka are:
- Hypertext Transfer Protocol
- Simple Mail Transfer Protocol
- File Transfer Protocol
- Electronic Business XML
Where is Saml being standardized?SAML is being developed under the auspices of OASIS, the Organization for the Advancement of Structured Information Standards.
OASIS has long been a home for development of XML languages and protocols. OASIS hosts several other efforts to standardize security-related information, such as XACML. Many members of the SAML Technical Committee also take part in related standards work in other venues, such as W3C, IETF, and the committee has liaison relationships with many of these efforts.
What's the difference between ADFS, WIF, WS Federation, SAML, and STS?WIF is a .NET library that allows ASP.NET to implement this outsourcing.
It talks to an STS which authenticates against an identity repository and provides authorization information in the form of claims. An STS provides a set of signed, trusted claims.
The protocol used between WIF and ADFS is WS-Federation.
If the STS was Java based (e.g Ping Identity or OpenAM), then WIF would use the SAML protocol for communication. ADFS also supports SAML to enable federation.
How does SAML encryption work?SAML token encryption enables the use of encrypted SAML assertions with an application that supports it. When configured for an application, Azure will encrypt the SAML assertions it emits for that application using the public key obtained from a certificate stored in Azure AD.
When encrypting SAML v2. 0 messages, the sender uses the receiver's public key to encrypt the request. The receiver decrypts it with its private key. As with signing, providers also expose in their metadata the algorithms that they can use to encrypt assertion content.
How is trust established between a Client and a Saml Authority?SAML is a very general framework which will be used in a wide variety of environments. It is up to relying parties to decide what asserting parties they trust for what purposes. For example, A might trust Company A to tell it if an individual was a Company B employee, but not to tell if the employee has a Secret Clearance. Trust relationships must be established out of band.
Where is SAML used?Most commonly used by businesses to allow their users to access services they pay for. Salesforce, Gmail, Box and Expensify are all examples of service providers an employee would gain access to after a SAML login. SAML asserts to the service provider who the user is; this is authentication.
SAML simplifies federated authentication and authorization processes for users, Identity providers, and service providers. SAML provides a solution to allow your identity provider and service providers to exist separately from each other, which centralizes user management and provides access to SaaS solutions.