The SAML XML.org web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Profiles2

SAML is defined in terms of assertions, protocols, bindings, and profiles.

The core of the SAML specification defines how SAML requests and responses are transported. However, a number of use cases have been developed that require the formulation of profiles that define how the SAML assertions, protocols and bindings are combined.

Generally, a profile of SAML defines constraints and/or extensions in support of the usage of SAML for a particular application – the goal being to enhance interoperability by removing some of the flexibility inevitable in a general-use standard. For instance, the Web Browser SSO Profile specifies how SAML authentication assertions are communicated between an identity provider and service provider to enable single sign-on for a browser user.

SAML Profiles include:

Web Browser SSO Profile: Defines how a Web Browser supports SSO when using <AuthnRequest> protocol messages in combination with HTTP Redirect, HTTP POST and HTTP Artifact bindings.

Enhanced Client and Proxy (ECP) Profile: Defines how <AuthnRequest> protocol messages are used when combined with the Reverse-SOAP binding (PAOS). Designed to support mobile devices front-ended by a WAP gateway.

Identity Provider Discovery Profile: Defines how a service provider can discover which identity providers a principal is using with the Web Server.

Single Logout Profile: Defines a profile of the SAML Single Logout protocol and how SOAP, HTTP Redirect, HTTP POST and HTTP Artifact bindings may be used.

Name Identifier Management Profile: Defines how the Name Identifier Management protocol may be used with SOAP, HTTP Redirect, HTTP POST and HTTP Artifact bindings.

Artifact Resolution Profile: Defines how the Artifact Resolution protocol uses a synchronous binding, for example the SOAP binding.

Assertion Query/Request Profile: Defines how the SAML query protocols (used for obtaining SAML assertions) use a synchronous binding such as the SOAP binding.

Name Identifier Mapping Profile: Defines how the Name Identifier Mapping protocol uses a synchronous binding such as the SOAP binding.

See also:

- SAML Executive Overview
- SAML Technical Overview
