Demystifying SAML, SSO, and OAuth: Understanding Authentication and Authorization Protocols
Introduction
In today's digital world, where so much of our lives runs on a multitude of online services and applications, remembering the credentials for all of them has always been a chore. We create a different password for each service, stop using some of them for months, forget the password, and then go through the tedious reset-and-create-a-new-one routine all over again.
OAuth changed that. The ease of signing up through Google, Facebook, or GitHub has revolutionized how we access services: click a few buttons and you're in. But have you ever stopped to wonder what happens behind the scenes? This blog isn't about the 'how' of using OAuth to sign up; it's about the 'why' and 'what' that power these mechanisms: SAML, SSO, and OAuth. We'll look at the engineering beneath the surface, the cogs and gears that make digital authentication both secure and hassle-free.
Understand SAML, SSO, and OAuth
What is SAML?
Security Assertion Markup Language or SAML is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions.
Woah! Hold on! That definition was dense, wasn't it? But fear not; we're about to break it down piece by piece.
Understanding the Markup Language and XML
SAML messages are written in XML. For those not familiar with XML, let's break it down, starting with the idea of a markup language. A markup language is a language in which the structure of a document is spelled out with tags or annotations, following a fixed set of rules that say how the data is written and how it will be presented. Because the writer and the reader follow the same rules, the data is always read back in the format it was intended to have.
Consider HTML, a markup language in which every tag serves a distinct purpose: the <h1> tag marks a top-level heading, and the <p> tag marks a paragraph. This structure ensures the content is presented exactly as intended.
Now that we know what a markup language is, what is XML? XML stands for Extensible Markup Language. It is a format for structuring data so that it can be exchanged between applications, and it can be read and written by practically every programming language. Ever wondered how systems written in different languages manage to work together? Part of the answer is that they agree on a common data format such as XML, which is used to carry data between backend and frontend and between one service and another. XML itself cannot perform any computation; it only describes data, and other programs do the work with it.
Enough beating around the bush! What is SAML?
SAML is an XML-based standard for exchanging authentication and authorization data. When you sign in to a workplace application through your organization's identity provider, it is often SAML that carries the proof of who you are from one application to another. The exchange takes place between two distinct entities, the Identity Provider and the Service Provider; don't worry, we'll get to those shortly. One clarification is worth making here: although SAML messages are written in a markup language (XML), SAML itself is neither a programming language nor a markup language. It is an open standard. Now, what exactly does "open standard" mean?
When we say SAML is an open standard, we mean it's a set of rules or protocols and specifications openly available for anyone to implement and use. This openness ensures interoperability—different systems and platforms can communicate and work together seamlessly, regardless of their underlying technologies.
Now let's understand how SAML authenticates a user:
Let's zoom in on the two main players in this authentication story: the Identity Provider (IdP) and the Service Provider (SP). Think of them as the gatekeepers to your digital world, ensuring only authorized users gain entry.
Identity Provider (IdP): This is like your digital ID card issuer. When you want to access a service, the IdP checks your credentials, such as your username and password (and often a second factor), to make sure it's really you. Once it's sure, the IdP creates what's called a SAML assertion: an XML document that says, in effect, "Yes, this person is who they say they are." The IdP digitally signs the assertion so that nobody else can forge or alter it.
Service Provider (SP): Picture this as the front door to the service or app you're trying to use. The SP hosts the application and decides who gets in. When you show up with your SAML assertion from the IdP, the SP checks it before trusting a word of it: is the signature valid and from an IdP the SP trusts, is the assertion addressed to this SP (the audience), and is it still inside its validity window? If everything checks out, the door swings open and you're in!
Streamlining Access with Single Sign-On (SSO)
Now, let's delve into the magic of Single Sign-On (SSO), a game-changer in the realm of user authentication. Imagine a world where you only need one key to unlock multiple doors—that's the power of SSO.
What is Single Sign-On (SSO)?
Single Sign-On is like having a master key that grants you access to a whole bunch of different rooms without needing separate keys for each one. With SSO, you log in once, and that login gives you access to multiple services and applications without having to enter your credentials over and over again.
For instance, with a single login to your Google account you have access to YouTube, Gmail, Drive, Keep, Meet, and everything else that Google owns.
How SSO Works with SAML?
Remember the entities we talked about earlier, the Identity Provider (IdP) and the Service Provider (SP)? SSO builds on the foundation laid by SAML to streamline the authentication process. When you log in to your organization's portal (the IdP) using SAML, you're effectively authenticating yourself for all the services connected to that portal (the SPs) in one fell swoop: each SP sends you to the IdP, the IdP sees that you already have a session, and it issues a fresh assertion addressed to that SP without asking for your password again.
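To make the IdP and SP roles above, and the one-login-many-SPs idea of SSO, concrete, here is an added example (not code from the post). It mints an assertion on the IdP side and runs the SP-side checks: signature, trusted issuer, audience, and validity window. The entity IDs and the user are assumed, and the real XML signature (XML-DSig with the IdP's private key) is replaced by an HMAC over the assertion bytes so the example runs with the standard library alone; everything else about the checks is the same as in a real SP.

```python
"""IdP issues a SAML assertion; SP validates it. Added example, not the post's code.
XML-DSig is replaced by an HMAC over the assertion bytes as a stand-in for the
IdP's signature; entity IDs and the user are assumed."""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
IDP_ENTITY_ID = "https://idp.example.org"     # assumed IdP identifier
SIGNING_KEY = b"idp-demo-key"                 # stand-in for the IdP's signing key


def now():
    return datetime.now(timezone.utc)


def iso(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_iso(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def issue_assertion(subject, audience, issued_at=None, minutes=5):
    """IdP side: the user already authenticated here; mint an assertion for ONE SP."""
    t = issued_at or now()
    xml = (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="_1" Version="2.0" IssueInstant="{iso(t)}">'
        f"<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>"
        f"<saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>"
        f'<saml:Conditions NotBefore="{iso(t)}" NotOnOrAfter="{iso(t + timedelta(minutes=minutes))}">'
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>"
        f"</saml:Conditions></saml:Assertion>"
    ).encode()
    signature = hmac.new(SIGNING_KEY, xml, hashlib.sha256).hexdigest()
    return xml, signature


def validate_assertion(xml, signature, sp_entity_id, at=None):
    """SP side: return the subject NameID, or raise ValueError. Order matters."""
    # 1. Signature first, over the exact bytes, before anything in the XML is trusted.
    #    With real XML-DSig also confirm the signed element IS the assertion you consume
    #    (signature-wrapping attacks smuggle an unsigned assertion next to a signed one).
    expected = hmac.new(SIGNING_KEY, xml, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    root = ET.fromstring(xml)
    # 2. Issuer must be an IdP this SP trusts.
    if root.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("untrusted issuer")
    # 3. Audience must be this SP, or an assertion minted for another SP could be replayed here.
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError("wrong audience")
    # 4. Validity window.
    cond = root.find("saml:Conditions", NS)
    t = at or now()
    if t < parse_iso(cond.get("NotBefore")) or t >= parse_iso(cond.get("NotOnOrAfter")):
        raise ValueError("assertion expired or not yet valid")
    return root.findtext("saml:Subject/saml:NameID", namespaces=NS)


def sso_demo():
    """One IdP login, one assertion per SP; each SP accepts only the one addressed to it."""
    results = {}
    for sp in ("https://app-a.example.com", "https://app-b.example.com"):
        xml, sig = issue_assertion("alice@example.org", sp)
        results[sp] = validate_assertion(xml, sig, sp)
    return results


def demo_checks():
    """Run the SP checks against a good, a tampered, a mis-addressed and an expired assertion."""
    sp_a, sp_b = "https://app-a.example.com", "https://app-b.example.com"
    xml, sig = issue_assertion("alice@example.org", sp_a)
    outcomes = {"valid": validate_assertion(xml, sig, sp_a)}
    cases = {
        "tampered": (xml.replace(b"alice", b"mallory"), sig, sp_a, None),
        "wrong_audience": (xml, sig, sp_b, None),
        "expired": (xml, sig, sp_a, now() + timedelta(minutes=10)),
    }
    for name, args in cases.items():
        try:
            validate_assertion(*args)
            outcomes[name] = "accepted"
        except ValueError as err:
            outcomes[name] = str(err)
    return outcomes


if __name__ == "__main__":
    print(sso_demo())
    print(demo_checks())
```

The audience check is the one people most often skip: without it, an assertion a user legitimately obtained for app A is a valid login to app B.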
Granting Access with OAuth
Now that we've explored the wonders of Single Sign-On (SSO), let's turn our attention to another important player: OAuth. While SSO focuses on seamless access within an organization's ecosystem, OAuth is about delegated access: letting a third-party application use some of your data, or act on your behalf, without you handing it your password.
What is OAuth?
OAuth is like a digital bouncer: it controls which applications get access to your online accounts and data, and how much of it, without you ever sharing your username and password with them. It's also the technology behind those "Sign in with Google" or "Log in with Facebook" buttons you see on various websites and apps. Strictly speaking, OAuth 2.0 is an authorization framework; those sign-in buttons use OpenID Connect, an identity layer built on top of OAuth, to tell the app who you are.
Key Concepts: To understand how OAuth works, you need to know its four roles:
Resource Owner: That's you—the person who owns the data and controls who gets access to it.
Client: This is the application or service requesting access to your data.
Authorization Server: Think of this as the gatekeeper. It verifies your identity, asks for your consent, and then issues the client a token that represents exactly the permission you granted.
Resource Server: This is where your data is stored. The client presents its token here, and the resource server checks that the token is valid and covers the requested data before handing anything over.
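The four roles only make sense when you see them exchange messages, so here is an added example (not the post's code) of the OAuth 2.0 authorization-code flow with PKCE, with all four parties in one process: the client builds the authorization request, the authorization server authenticates the resource owner and issues a code, the client swaps the code for a token over the back channel, and the resource server checks the token before releasing data. The client ID, redirect URI, scope name and photo data are assumed. The resource server validates tokens by looking them up in the authorization server's store, a stand-in for token introspection or a signed JWT.

```python
"""OAuth 2.0 authorization-code flow with PKCE, all four roles in one process.
Added example, not the post's own code; client ID, URLs, scope and data are
assumed. The shared token store stands in for introspection or a signed JWT."""
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse


def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


class AuthorizationServer:
    """Authenticates the resource owner, records consent, issues codes and tokens."""

    def __init__(self):
        self.clients = {"photo-printer": "https://printer.example/cb"}  # client_id -> registered redirect_uri
        self.codes = {}    # code -> (client_id, user, scope, code_challenge, expiry)
        self.tokens = {}   # access_token -> (user, scope, expiry)

    def authorize(self, params, user, consent):
        # The user logged in HERE (never at the client) and saw a consent screen.
        if self.clients.get(params["client_id"]) != params["redirect_uri"]:
            raise ValueError("unknown client or redirect_uri mismatch")
        if not consent:
            return params["redirect_uri"] + "?" + urlencode({"error": "access_denied", "state": params["state"]})
        code = secrets.token_urlsafe(24)
        self.codes[code] = (params["client_id"], user, params["scope"], params["code_challenge"], time.time() + 60)
        return params["redirect_uri"] + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, client_id, code, code_verifier):
        entry = self.codes.pop(code, None)  # codes are single use, even on a failed exchange
        if entry is None:
            raise ValueError("invalid or reused code")
        cid, user, scope, challenge, expiry = entry
        if cid != client_id or time.time() > expiry:
            raise ValueError("code not valid for this client")
        if b64url(hashlib.sha256(code_verifier.encode()).digest()) != challenge:
            raise ValueError("PKCE verification failed")  # a stolen code is useless without the verifier
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = (user, scope, time.time() + 3600)
        return {"access_token": tok, "token_type": "Bearer", "expires_in": 3600, "scope": scope}


class ResourceServer:
    """Holds the data; releases it only for a valid token whose scope covers the request."""

    def __init__(self, auth_server, photos):
        self.auth, self.photos = auth_server, photos

    def get_photos(self, bearer):
        entry = self.auth.tokens.get(bearer)
        if entry is None or time.time() > entry[2]:
            raise PermissionError("invalid token")
        user, scope, _ = entry
        if "photos:read" not in scope.split():
            raise PermissionError("insufficient scope")
        return self.photos[user]


class Client:
    """The third-party app asking for access. It never sees the user's password."""
    client_id, redirect_uri = "photo-printer", "https://printer.example/cb"

    def start(self):
        self.state = secrets.token_urlsafe(16)      # ties the callback to this browser session
        self.verifier = secrets.token_urlsafe(48)   # PKCE secret, never leaves the client
        challenge = b64url(hashlib.sha256(self.verifier.encode()).digest())
        return {"response_type": "code", "client_id": self.client_id, "redirect_uri": self.redirect_uri,
                "scope": "photos:read", "state": self.state,
                "code_challenge": challenge, "code_challenge_method": "S256"}

    def callback(self, auth, redirect_url):
        q = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
        if q.get("state") != self.state:
            raise ValueError("state mismatch")      # CSRF: someone else's code in our session
        if "error" in q:
            raise ValueError(q["error"])
        return auth.token(self.client_id, q["code"], self.verifier)


def run_flow(consent=True):
    auth = AuthorizationServer()
    rs = ResourceServer(auth, {"alice": ["beach.jpg", "cat.jpg"]})   # constructed sample data
    client = Client()
    params = client.start()                              # 1. client -> browser -> AS
    redirect = auth.authorize(params, "alice", consent)  # 2. AS -> browser -> client
    token = client.callback(auth, redirect)              # 3. client -> AS (back channel)
    return rs.get_photos(token["access_token"])          # 4. client -> RS with bearer token


def demo_failures():
    """A stolen code without the PKCE verifier, then the same code replayed."""
    auth, client = AuthorizationServer(), Client()
    redirect = auth.authorize(client.start(), "alice", True)
    code = parse_qs(urlparse(redirect).query)["code"][0]
    out = {}
    try:
        auth.token("photo-printer", code, "not-the-real-verifier")
    except ValueError as err:
        out["stolen_code"] = str(err)
    try:
        client.callback(auth, redirect)   # the code was consumed by the failed attempt above
    except ValueError as err:
        out["reused_code"] = str(err)
    return out


if __name__ == "__main__":
    print(run_flow())
    print(demo_failures())
```

Notice that the password is only ever typed at the authorization server, the token the client receives is limited to the scope the user consented to, and both the state parameter and PKCE exist because the authorization code travels through the browser where it can be observed.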
Conclusion
From the foundational role of SAML in securely exchanging authentication and authorization data to the convenience of SSO streamlining access within organizational ecosystems, and finally, to the controlled access facilitated by OAuth to third-party services, each protocol plays a unique yet complementary role in shaping the way we authenticate and access digital resources.
So, the next time you log in or grant access with a click, take a moment to appreciate the engineering brilliance and foresight embedded within these protocols.
Until next time, happy authenticating !
Written by Arif Shaikh