Wednesday, June 20, 2007

SAML Artifact Authentication

SAML
Sets of rules describing how to embed and extract SAML assertions into a framework or protocol are
called profiles of SAML. A profile describes how SAML assertions are embedded in or combined with
other objects (for example, files of various types, or protocol data units of communication protocols) by an
originating party, communicated from the originating site to a destination, and subsequently processed at
the destination. A particular set of rules for embedding SAML assertions into and extracting them from a
specific class of <FOO> objects is termed a <FOO> profile of SAML.

Two HTTP-based techniques are used in the web browser SSO profiles for conveying information from
one site to another via a standard commercial browser.

 • SAML artifact: A SAML artifact of “small” bounded size is carried as part of a URL query string such
   that, when the artifact is conveyed to the source site, the artifact unambiguously references an
   assertion. The artifact is conveyed via redirection to the destination site, which then acquires the
   referenced assertion by some further steps. Typically, this involves the use of a registered SAML
   protocol binding. This technique is used in the browser/artifact profile of SAML.
 • Form POST: SAML assertions are uploaded to the browser within an HTML form and conveyed to
   the destination site as part of an HTTP POST payload when the user submits the form. This
   technique is used in the browser/POST profile of SAML.

Cookies are not employed in any profile, as cookies impose the limitation that both the source and
destination site belong to the same "cookie domain."
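
The artifact technique described above, as an added Python example (not code from the original post or from the SAML specification): the source site packs a fixed-size artifact into the redirect URL, and the destination site validates it and works out which source site to ask for the assertion. It assumes the SAML 1.1 type 0x0001 layout (2-byte type code, 20-byte SourceID, 20-byte AssertionHandle, base64-encoded) and the `SAMLart` and `TARGET` query parameters of the browser/artifact profile; the host names, the SHA-1 derivation of SourceID and the function names are constructed for illustration.

```python
import base64
import hashlib
from urllib.parse import parse_qs, urlencode, urlparse

TYPE_CODE = b"\x00\x01"      # SAML 1.1 type 0x0001 artifact
ARTIFACT_LEN = 2 + 20 + 20   # TypeCode + SourceID + AssertionHandle

# Constructed sample data: source sites this destination trusts, keyed by
# SourceID. Deriving SourceID as SHA-1 of a site URL is an assumption here.
SOURCE_URL = "https://source.example.org/saml"
KNOWN_SOURCES = {hashlib.sha1(SOURCE_URL.encode()).digest(): SOURCE_URL}


def make_redirect(dest_url, target, source_url, handle):
    """Source site: build the redirect URL that carries the artifact."""
    if len(handle) != 20:
        raise ValueError("AssertionHandle must be 20 bytes")
    raw = TYPE_CODE + hashlib.sha1(source_url.encode()).digest() + handle
    artifact = base64.b64encode(raw).decode("ascii")
    return dest_url + "?" + urlencode({"TARGET": target, "SAMLart": artifact})


def parse_artifacts(redirect_url):
    """Destination site: return [(source site, handle)] for each SAMLart."""
    values = parse_qs(urlparse(redirect_url).query).get("SAMLart", [])
    if not values:
        raise ValueError("no SAMLart parameter in the request")
    results = []
    for value in values:
        try:
            raw = base64.b64decode(value, validate=True)
        except ValueError as exc:  # binascii.Error subclasses ValueError
            raise ValueError("SAMLart is not valid base64") from exc
        if len(raw) != ARTIFACT_LEN or raw[:2] != TYPE_CODE:
            raise ValueError("not a well-formed type 0x0001 artifact")
        source = KNOWN_SOURCES.get(raw[2:22])
        if source is None:
            raise ValueError("artifact names an unknown source site")
        results.append((source, raw[22:]))
    return results
```

The returned handle is what the destination site presents to the named source site, over the SAML protocol binding, to obtain the referenced assertion; in practice the handle is an unpredictable random value chosen by the source site.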

