SAML (Security Assertion Markup Language)

It’s been a while since I’ve posted something with my techie hat on, so I decided to share couple diagrams I’ve created to explain how SAML works for those who may not know what SAML is and are wondering. 🙂 Hope you find it useful.

SAML, Single Sign On

What is SAML (Security Assertion Markup Language)?

  • It’s an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
  • Wikipedia: SAML

Let’s break it down a bit!

  • XML (Extensible Markup Language) standard
    • Extensible
      • In Information Technology, we say something is “extensible” if it’s designed so that users or developers can expand it’s capabilities.
      • It’s different from HTML, XML doesn’t use pre-defined tags. You can define tags and use it.
    • Markup
    • Language
      • It’s like HTML, but not the same.
        • HTML was designed to display data with focus on how data looks
        • XML was designed to store and carry data with focus on what the data is.
  • Authentication
    • Verifying that somebody really is who they claims to be using their credentials.
    • i.e., Who are you? Please provide your username and password, so I can verify who you are.
  • Authorization
    • Checking permissions (what you are allowed to do)
    • For example, in WordPress sites, what you are allowed to do is determined by the user role that is associated with your account.
  • Identity Provider
    • In my diagram, it is EmpowerID platform.
    • EmpowerID is an identity management system.
    • Identity management refer to as the task of controlling information about users which includes user’s username and password.
  • Service Provider
    • In my diagram, it is a WordPress site.
    • WordPress is an online content management system.
    • Content management refer to as the task of managing content of a website.

So, what am I trying to do here?

  • I want users to be able to log into my WordPress site to manage content by proving who they are to EmpowerID. In another word, when users try to log into my WordPress site, I am asking WordPress site to direct users to EmpowerID to verify they are really who they claims to be.
  • Using more technical terms, “I am going to configure SAML to allow an online service provider (WordPress) to contact a separate online identity provider (EmpowerID) to authenticate users.”.


Hope this is somewhat useful for those who may be looking for some information on SAML/Single-Sign-On/WordPress/EmpowerID.

Please leave me a message if you have any questions!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s