CyberGlossary

Identity & Access

SAML

Also known as: SAML 2.0, Security Assertion Markup Language

Definition

An XML-based open standard for exchanging authentication and authorization assertions between an identity provider and a service provider.

SAML (Security Assertion Markup Language) defines how a trusted identity provider (IdP) can issue signed XML assertions describing a user's identity and attributes to a service provider (SP), enabling web single sign-on across security domains. The most widely used version, SAML 2.0, supports browser-redirect and POST bindings; the SP validates the assertion's signature, audience and time conditions before establishing a session. SAML remains dominant in enterprise SSO because of its rich attribute model and mature tooling, but it is verbose, hard to use for mobile and API clients, and prone to misconfiguration and validation flaws (XML signature wrapping attacks, missing audience checks). For new integrations OpenID Connect is often preferred.

Examples

  • An enterprise IdP issuing a SAML assertion so users can sign in to Salesforce.
  • A service provider validating a signed SAML Response (to its AuthnRequest) from Microsoft Entra ID.

Related terms