
You're reading the entire spec, but the flow is what's trivial. 2 systems are exchanging info, they use cryptography to assert that the message is coming from a valid, registered resource and the message carrier format is XML. You ask for info, you get XML back, verify the sender and if correct trust the info is valid. That's the gist of the protocol and the tedious part is parsing the XML you receive.


The flow/concept is simple indeed. But with SAML the devil is really in the details, and they created way too many details by offering way too many options in the spec.



