Friday, 27 February 2015

SAML Interview Questions and Answers

Security Assertion Markup Language (SAML, pronounced sam-el) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

SAML is a product of the OASIS Security Services Technical Committee.


Question: What is the full form of SAML?
Security Assertion Markup Language

Question: What is SAML?
SAML is an XML-based data format for exchanging authentication and authorization information between two domains.

Question: Is it an open standard?
Yes, it is.

Question: Why was SAML designed?
It is designed to provide authentication and authorization for business-to-business (B2B) and business-to-consumer (B2C) clients.

Question: What are the three assertions in SAML?
Authentication, Attribute, Authorization.

Question: What is the difference between Authentication, Attribute and Authorization?
Authentication validates the user's identity, that is, whether the user is valid or not.
An attribute assertion contains specific information about the particular user.
Authorization identifies whether the user has a specific permission or not, after successful authentication.

Question: Which protocols does SAML work with?
  • Hypertext Transfer Protocol (HTTP)
  • Simple Mail Transfer Protocol (SMTP)
  • File Transfer Protocol (FTP)
  • BizTalk
  • Electronic Business XML (ebXML)

Question: What is the latest version of SAML?
SAML 2.0 became an OASIS Standard in March 2005.

Question: What are the differences between V2.0 and V1.1?
The differences between SAML 2.0 and SAML 1.1 are substantial. Although the two standards address the same use case, SAML 2.0 is incompatible with its predecessor.

Question: What are the main features of SAML?
The main features of SAML are:
  • Seamless integration
  • Exchange of information among different security domains
  • Back-office transactions
  • Single sign-on – a user's ability to authenticate in one security domain and to use the protected resources of another security domain
  • An XML-based framework for sharing security-related information over the Internet

Question: What is similar between OpenID and SAML?
SAML2 and OpenID are both for authentication/authorization.

Question: What is the difference between OpenID and SAML?
The differences between OpenID and SAML are:

  • SAML2 supports single sign-out, but OpenID does not support single sign-out.
  • SAML2 has different bindings, while the only binding OpenID has is HTTP.
  • SAML2 can be Service Provider (SP) or Identity Provider (IdP) initiated, but OpenID is always SP initiated.
  • SAML2 is based on XML, while OpenID is not.


Irene Hynes said...

Hi Bro,

Hip Hip Hooray! I was always told that I was slightly slow in the head, a slow learner. Not anymore! It’s like you have my back. I can’t tell you how much I’ve learnt here and how easily! Thank you for blessing me with this effortlessly ingestible, digestible content.

I have a question,

In Angular 2, how can we get the user name of the logged-in user?

I log in to the Windows computer with the network credentials. So how can I get the user name in an Angular application? If we can directly get the user name in Angular 2, what is the application solution to implement using Angular 2?

Super likes !!! for this amazing post. I think everyone should bookmark this.

Many Thanks,
Irene Hynes

anushri said...

I believe there are many more pleasurable opportunities ahead for individuals that looked at your site.
