SAML Integration for Single Sign-On Purpose

What is SAML?

The Security Assertion Markup Language (SAML) standard defines a framework for exchanging security information between online business partners.

It was developed by the OASIS Security Services Technical Committee (SSTC). Building on these initial contributions, in November 2002 OASIS (the Organization for the Advancement of Structured Information Standards) announced the Security Assertion Markup Language (SAML) V1.0 specification as an OASIS Standard.

Why is SAML needed for exchanging security information?

There are several drivers behind the adoption of the SAML standard, including:

  • Single Sign-On:
    Over the years, various products have been marketed with the claim of providing support for web-based SSO.
    These products have typically relied on browser cookies to maintain user authentication state information.
    However, since browser cookies are never transmitted between DNS domains,
    the authentication state information in the cookies from one domain is never available to another domain.
    SAML solves the multi-domain SSO problem by providing a standard vendor-independent grammar and protocol for transferring information about a user from one web server to another independent of the server DNS domains.
  • Federated identity:
    When online services wish to establish a collaborative application environment for their mutual users, not only must the systems be able to understand the protocol syntax and semantics involved in the exchange of information; they must also have a common understanding of who the user is that is referred to in the exchange.
    Users often have individual local user identities within the security domains of each partner with which they interact.
    Identity federation provides a means for these partner services to agree on and establish a common, shared name identifier.
  • Web services and other industry standards:
    SAML allows for its security assertion format to be used outside of a “native” SAML-based protocol context.
    This modularity has proved useful to other industry efforts addressing authorization services, identity frameworks, web services, etc.
    The OASIS WS-Security Technical Committee has defined a profile for how to use SAML’s rich assertion constructs within a WS-Security security token that can be used, for example, to secure web service SOAP message exchanges.
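The federated-identity point above comes down to a relying party reading a shared name identifier out of an assertion and deciding whether to accept it. The following Python is an added illustration, not code from the article or from United Networks: it parses a constructed SAML 2.0 assertion (the issuer and audience URLs are placeholders) and applies the acceptance checks a service provider performs before trusting the NameID: trusted issuer, audience restriction, and the NotBefore/NotOnOrAfter validity window with a small clock-skew allowance. XML signature verification is left out on purpose, since it needs an XML-DSig library such as xmlsec; in a real deployment it runs first, and none of these fields are trusted until it passes.

```python
"""
Added example: service-provider side acceptance checks for a SAML 2.0 assertion.
Not part of the original article. The assertion, issuer and audience values are
constructed placeholders. Signature verification (XML-DSig) is out of scope here
and must be performed with a proper library before any field is trusted.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET  # fine for this constructed sample;
                                    # parse untrusted XML with defusedxml instead

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Placeholder configuration of our (hypothetical) service provider.
TRUSTED_ISSUERS = {"https://idp.example.com/idp"}
SP_ENTITY_ID = "https://portal.example.com/sp"

# Constructed sample assertion (no real data). A real response wraps this in
# samlp:Response and carries a ds:Signature, omitted here.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-id-1" Version="2.0" IssueInstant="2020-02-14T10:00:00Z">
  <saml:Issuer>https://idp.example.com/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">user-4711</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2020-02-14T09:59:00Z" NotOnOrAfter="2020-02-14T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://portal.example.com/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


@dataclass
class AssertionSummary:
    issuer: str
    name_id: str
    name_id_format: str
    not_before: datetime
    not_on_or_after: datetime
    audiences: list


def _parse_time(value):
    """SAML timestamps are xsd:dateTime in UTC with a 'Z' suffix; Python < 3.11
    does not accept 'Z' in fromisoformat, so normalise it to '+00:00'."""
    if value is None:
        raise ValueError("missing timestamp")
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_assertion(xml_text):
    """Extract the fields the acceptance checks need from a SAML 2.0 Assertion."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"] or root.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 Assertion")
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    name_id_el = root.find("saml:Subject/saml:NameID", NS)
    conditions = root.find("saml:Conditions", NS)
    if issuer is None or name_id_el is None or conditions is None:
        raise ValueError("assertion lacks Issuer, Subject/NameID or Conditions")
    audiences = root.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    return AssertionSummary(
        issuer=issuer.strip(),
        name_id=(name_id_el.text or "").strip(),
        name_id_format=name_id_el.get("Format", "unspecified"),
        not_before=_parse_time(conditions.get("NotBefore")),
        not_on_or_after=_parse_time(conditions.get("NotOnOrAfter")),
        audiences=[(a.text or "").strip() for a in audiences],
    )


def accept_assertion(summary, trusted_issuers, my_entity_id, now,
                     clock_skew_seconds=60):
    """Return the NameID if every acceptance check passes, else raise ValueError."""
    if summary.issuer not in trusted_issuers:
        raise ValueError("untrusted issuer %r" % summary.issuer)
    if my_entity_id not in summary.audiences:
        raise ValueError("assertion not addressed to this service provider")
    skew = timedelta(seconds=clock_skew_seconds)
    if now < summary.not_before - skew:
        raise ValueError("assertion not yet valid")
    if now >= summary.not_on_or_after + skew:
        raise ValueError("assertion expired")
    return summary.name_id


def evaluate(xml_text, trusted_issuers, my_entity_id, now_iso):
    """Wrapper returning ('accepted', name_id) or ('rejected', reason)."""
    try:
        summary = parse_assertion(xml_text)
        name_id = accept_assertion(summary, trusted_issuers, my_entity_id,
                                   _parse_time(now_iso))
        return ("accepted", name_id)
    except ValueError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    print(evaluate(SAMPLE_ASSERTION, TRUSTED_ISSUERS, SP_ENTITY_ID, "2020-02-14T10:01:00Z"))
    print(evaluate(SAMPLE_ASSERTION, TRUSTED_ISSUERS, SP_ENTITY_ID, "2020-02-14T10:30:00Z"))
```

The audience check is what stops an assertion issued for one partner's portal from being replayed at another, and the NameID format (persistent here) is what tells the two partners which kind of shared identifier they have agreed on.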

United Networks and SAML

In partnership with the Toyota Europe team, we finalized in February 2020 the update of the Single Sign-On authentication system for the tyre-selling portal of Wyz Group for Toyota Sweden.
We were already using SAML technology on Toyota, but the exchanges are now upgraded with the new authentication server (CA SSO SiteMinder) to a new and more secure version!
The users of the TyrePortal of Toyota Sweden, as was done previously for Toyota France, are logged in with the latest version of SAML 2.0, following the OASIS standards and with integrated signatures.

Note that Toyota wasn’t the first tyre-selling platform on which we implemented SAML, but it was the most advanced installation!