SAML 2.0
Security Assertion Markup Language — the dominant enterprise SSO federation protocol since the mid-2000s, defined by OASIS. SAML 2.0 uses XML-signed assertions to communicate user identity from an Identity Provider (IdP) to a Service Provider (SP). The flow:
1. User attempts to access the SP (e.g., AE Guardian)
2. SP redirects the browser to the IdP with an AuthnRequest
3. IdP authenticates the user (against AD / Entra / OAM / etc.)
4. IdP posts a signed SAML Response to the SP's ACS (Assertion Consumer Service) URL
5. SP validates the signature, extracts claims (NameID, attributes), and logs the user in
AE Guardian acts as the SAML Service Provider in all 5 SSO connectors (adfs-sso, okta-sso, azure-sso, microsoft-entra-id-sso, ping-federate-sso). Despite the existence of the newer OIDC, SAML 2.0 remains the dominant federation protocol in enterprise deployments, primarily because customer policies and certifications were written around SAML in the 2010s and have not been updated.
Bindings: HTTP-Redirect (for AuthnRequest), HTTP-POST (for Response), SOAP (for Artifact), Artifact (rarely used).
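Step 2 of the flow over the HTTP-Redirect binding, as an added example (not AE Guardian's code): the SP builds an unsigned AuthnRequest, encodes it as raw DEFLATE plus base64 in the `SAMLRequest` query parameter, and a decoder reverses it for inspection when debugging an SSO integration. The function names and the example.com URLs are assumptions made for illustration.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def build_redirect_url(idp_sso_url, sp_entity_id, acs_url, relay_state):
    """Return (url, request_id); assumes idp_sso_url has no query string."""
    request_id = "_" + uuid.uuid4().hex  # xs:ID must not start with a digit
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,  # where the IdP will POST the Response
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    xml = ET.tostring(req, encoding="utf-8")
    # HTTP-Redirect uses raw DEFLATE (negative wbits: no zlib header), then base64.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode("ascii"),
                       "RelayState": relay_state})
    return f"{idp_sso_url}?{query}", request_id

def decode_redirect(url):
    """Reverse the encoding; intended for requests your own SP generated."""
    params = parse_qs(urlsplit(url).query)
    xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    root = ET.fromstring(xml)
    return {
        "id": root.get("ID"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "destination": root.get("Destination"),
        "relay_state": params["RelayState"][0],
    }

if __name__ == "__main__":
    # Constructed sample values; none of these URLs come from the page.
    url, rid = build_redirect_url("https://idp.example.com/sso",
                                  "https://sp.example.com/metadata",
                                  "https://sp.example.com/saml/acs", "/dashboard")
    print(url)
    print(decode_redirect(url))  # the SP stores rid to match the Response's InResponseTo
```

The SP keeps the returned request ID in the user's session so that the Response arriving at the ACS URL in step 4 can be matched to a request it actually issued.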
What other systems call it
Per-vendor / per-standard terminology for this same concept.
| System | Term / Notes |
|---|---|
| Standards | OASIS SAML 2.0 Core / Bindings / Metadata |
| Okta | Configured as a SAML 2.0 Application in Okta admin console |
| Microsoft Entra ID | Configured as a non-gallery Enterprise Application in Entra admin |
Used by 10 connectors
Connectors in the catalog that reference this concept.