Related concepts

This section provides general information about the technologies used in the HCL® ExperienceOne implementation of SAML 2.0 based federated single sign-on.

Security Assertion Markup Language 2.0 (SAML 2.0)

SAML 2.0 is a version of the SAML standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, that is, an identity provider, and a SAML consumer, that is, an SP. SAML 2.0 enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user. For more information, see http://en.wikipedia.org/wiki/SAML_2.0.

Identity Provider (IdP)

Also known as Identity Assertion Provider, the IdP issues identification information for all SPs that interact or provide services within the system. This is achieved via an authentication module that verifies a security token as an alternative to explicitly authenticating a user within a security realm. In perimeter authentication, a user needs to be authenticated only once (single sign-on) and pass along a security token which is processed by an Identity Assertion Provider for each system it needs to access. For more information, see http://en.wikipedia.org/wiki/Identity_provider.

Public-key cryptography

Also known as asymmetric cryptography, a cryptographic algorithm that requires two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked. The public key is used to encrypt plaintext or to verify a digital signature; whereas the private key is used to decrypt ciphertext or to create a digital signature. For more information, see http://en.wikipedia.org/wiki/Public-key_cryptography.