IJCSI International Journal of Computer Science Issues, Vol. 2, 2009
ISSN (Online): 1694-0784
ISSN (Print): 1694-0814
Web Single Sign-On Authentication using SAML
Kelly D. LEWIS, James E. LEWIS
Information Security, Brown-Forman Corporation
Louisville, KY 40210, USA
Engineering Fundamentals, Speed School of Engineering, University of Louisville
Louisville, KY 40292, USA
Companies have increasingly turned to application service
providers (ASPs) or Software as a Service (SaaS) vendors to
offer specialized web-based services that will cut costs and
provide specific and focused applications to users.
The complexity of designing, installing, configuring, deploying, and
supporting the system with internal resources can be eliminated
with this type of methodology, providing great benefit to
However, these models can present an
authentication problem for corporations with a large number of
external service providers.
This paper describes the
implementation of Security Assertion Markup Language
(SAML) and its capabilities to provide secure single sign-on
(SSO) solutions for externally hosted applications.
Organizations for the most part have recently started
using a central authentication source for internal
applications and web-based portals.
This single source
of authentication, when configured properly, provides
strong security in the sense that users no longer keep
passwords for different systems on sticky notes on
monitors or under their keyboards.
Management and auditing of users become simplified
with this central store.
As more web services are being hosted by external
service providers, the sticky note problem has reoccurred
for these outside applications.
Users are now forced to
remember passwords for HR benefits, travel agencies,
expense processing, etc. - or programmers must develop
custom SSO code for each site.
Management of users
becomes a complex problem for the help desk, and
custom-built code for each external service provider can
become difficult to administer and maintain.
In addition, there are problems for the external service
provider as well.
Every user in an organization will need
to be set up for the service provider’s application,
causing a duplicate set of data.
Instead, if the
organization can control this user data, it would save the
service provider time by not needing to set up and
terminate user access on a daily basis.
central source would allow the data to be more accurate
Given this set of problems for organizations and their
service providers, it is apparent that a solution is needed
that provides a standard for authentication information to
be exchanged over the Internet.
The Security Assertion Markup Language (SAML) provides a secure,
XML-based solution for exchanging user security information
between an identity provider (our organization) and a
service provider (ASPs or SaaSs).
The SAML standard