Terms and definitions
14.1. SAML terms and definitions
artifact, SAML
A SAML artifact is a unique identifier used to pass a SAML assertion from the identity provider (IDP) to the service provider (SP) by reference. It is used in the SAML artifact binding protocol.
assertion, SAML
A SAML assertion is a cryptographically secure XML structure bearing identity information. It is issued by the SAML identity provider (IDP) and transmitted to the SAML service provider (SP).
AuthnRequest, SAML
AuthnRequests are used in the SAML single sign-on protocol. AuthnRequests are sent by the SAML service provider (SP) to the SAML identity provider (IDP) to request the IDP to authenticate an end-user.
circle of trust, CoT, SAML
The term circle of trust (CoT) is used in the SAML protocol to group one or more identity providers (IDPs) and service providers (SPs) that share authentication information.
identity provider, IDP
An identity provider is a service that maintains and manages identity information and provides information about users and authentication to other systems. Airlock IAM is the recommended IDP for other components of the Airlock Secure Access Hub and other services.
IDP-initiated SSO, SAML
An IDP-initiated single sign-on is a SAML sign-in flow that is triggered by the identity provider (IDP) rather than the service provider (SP).
RelayState, SAML
A SAML RelayState is a parameter that can be attached to a SAML request or response. It is used to transport additional state information from the SAML service provider (SP) to the SAML identity provider (IDP) and back again to the SP.
The IDP receives the RelayState parameter and sends it back to the SP. The RelayState is typically used to associate the initially requested URL with the SAML sign-in process so the SP can use the information after login.
Security Assertion Markup Language, SAML
SAML is an XML-based framework for cross-domain single sign-on. SAML is an open standard defined by OASIS.
service provider, SP
A service provider (or SP) is an entity receiving identity information from an identity provider (or IDP). The term service provider is especially used in SAML. In OAuth and OIDC, the terms client and relying party are used instead,
SP-initiated SSO, SAML
An SP-initiated single sign-on is a SAML sign-in flow that is triggered by the service provider (SP). When trying to access a protected resource on the SP, the SP redirects the end-user's browser to the IDP for authentication.
single logout (SLO), SAML
SAML single logout (SLO) is a SAML flow that allows users to log out from all related sessions of a SAML single login.