Friday 27 February 2015

SAML Interview Questions and Answers

Security Assertion Markup Language (SAML, pronounced sam-el) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

SAML is a product of the OASIS Security Services Technical Committee.

From: http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language




Question: What is the full form of SAML?
Security Assertion Markup Language


Question: What is SAML?
SAML is an XML-based data format for exchanging authentication and authorization information between two security domains.


Question: Is it an open standard?
Yes, it is.


Question: Why was SAML designed?
It is designed to provide authentication and authorization for business-to-business (B2B) and business-to-consumer (B2C) clients.


Question: What are the three assertions in SAML?
Authentication, attribute and authorization.


Question: What is the difference between authentication, attribute and authorization assertions?
An authentication assertion validates the user's identity, i.e. it states whether the user is valid or not.
An attribute assertion contains specific information about that particular user.
An authorization assertion identifies whether the user has a specific permission or not, after successful authentication.


Question: With which protocols does SAML work?
  • Hypertext Transfer Protocol (HTTP)
  • Simple Mail Transfer Protocol (SMTP)
  • File Transfer Protocol (FTP)
  • BizTalk
  • Electronic Business XML (ebXML)


Question: What is the latest version of SAML?
SAML 2.0 became an OASIS Standard in March 2005.


Question: What are the differences between SAML 2.0 and SAML 1.1?
The differences between SAML 2.0 and SAML 1.1 are substantial. Although the two standards address the same use case, SAML 2.0 is incompatible with its predecessor.


Question: What are the main features of SAML?
Following are the main features of SAML:
  • Seamless integration
  • Exchange of information among different security domains
  • Back-office transactions
  • Single sign-on: a user's ability to authenticate in one security domain and to use the protected resources of another security domain.
  • XML-based framework for sharing security-related information over the Internet.


Question: What is similar between OpenID and SAML?
SAML 2.0 and OpenID are both used for authentication/authorization.


Question: What is the difference between OpenID and SAML?
Following are the differences between OpenID and SAML:

  • SAML 2.0 supports single sign-out, but OpenID does not.
  • SAML 2.0 has different bindings, while the only binding OpenID has is HTTP.
  • SAML 2.0 can be Service Provider (SP) or Identity Provider (IdP) initiated, but OpenID is always SP initiated.
  • SAML 2.0 is based on XML, while OpenID is not.