SAML 2.0: Technical Overview

Published on 12 December, 2019
Viewed 104 268 times

This video will explain the basics of the SAML protocol, focusing on what an IT administrator tasked with setting up federation must know.
VMware End-User Computing (EUC) solutions empower the digital workspace by simplifying app & access management, unifying endpoint management & transforming Windows delivery. Learn more on the Digital Workspace Tech Zone: techzone.vmware.com.

VMware End-User Computing
Comments
  • Denis Gantsev

    a day ago

    excellent!

  • Sergio Matos

    5 days ago

    Very nice video, easy to understand.

  • sandeep

    7 days ago

    This is a Great Explanation so far I have seen. I have got to know a few new things after seeing this even though I am familiar with SAML before. Thank you very much.
    Just want to see how you explain differences between SAML 1.1 & 2.0
    If possible please add that one also. Thanks.

  • Pramod Kumar Talesara

    7 days ago

    I was able to understand everything up to 11 min but after that lost. Would have been better if you mentioned how you did the setup.

  • BẢN TIN BITCOIN HÔM NAY

    11 days ago

    👍👍👍

  • rohan sinha

    12 days ago

    awesome!!

  • Jose Guardiola

    22 days ago

    Clearest explanation I've seen. Thanks!

  • Silvio Ivaldi

    24 days ago

    I agree with other users, great and clear explanation

  • Vincent Caudo-Engelmann

    a month ago

    That was excellent. Thanks for your help!

  • Integration Corner

    a month ago

    Very well explained .. Thank you so much

  • Lucas Draney

    a month ago

    Lastname: NOOB
    me: -_-

  • Stefan Coetzer

    a month ago

    Brilliant explanation!!! TYVM

  • Ridwan

    a month ago

    Thank you Sir. Excellent explanation of the SAML protocol. This is one of the best training videos on SAML. Great job. Thanks!!!

  • P̳̿͟͞a̳̿͟͞r̳̿͟͞v̳̿͟͞ ̳̿͟͞S̳̿͟͞h̳̿͟͞e̳̿͟͞t̳̿͟͞h̳̿͟͞

    a month ago

    Excellent explanation. I spent time understanding this at different places but today it made all clear. Keep it up!!

  • Selva's youtube

    a month ago

    Great and clean explanation

  • lucasjluft

    a month ago

    Great video, congratulations

  • Musa Mammadov

    2 months ago

    One of the best videos on SAML I have seen so far. I was literally looking for a clear explanation. It cannot get any clearer than this. Good Job !!!!! +1

  • Sujay Yaji

    2 months ago

    How good is this video. I spent 2 hours surfing through various articles but this video consolidates the entire SAML protocol into one well-defined video. Thanks, Peter

    • VMware End-User Computing

      2 months ago

      Many thanks for sharing, happy you found it useful.

  • Oekuez

    2 months ago

    5:44 In case of IdP initiated flow, how can a browser (user) get the assertion from IdP and send it to SP later? I think SP always needs to redirect to IdP no matter where the authentication initiated.

    • Oekuez

      2 months ago

      @VMware End-User Computing Makes sense. Thank you!

    • VMware End-User Computing

      2 months ago

      Hi.. No that is not accurate. SAML does support a pure IdP-init flow. But this often requires the IdP to also have an application catalog so the users can click on an icon to launch the app (SP). There are some variations often referred to as pseudo SP-init and pseudo IdP-init where the flow is more like how you described.

  • lachlan burnside

    2 months ago

    Great video!
    Just a question: for trust to be established between the Identity Provider and Service Provider, is there an initial setup or handshake between those two entities to verify that it's working? And would failures in trust be known only at runtime?

    • VMware End-User Computing

      2 months ago

      Some SPs offer a test mechanism, e.g. SFDC. But in general once you established trust (often the metadata exchange) you have to test it manually.

  • Reviews Hyd

    2 months ago

    very well explained

  • Appaji Koppula

    2 months ago

    Excellent video explaining fundamentals of SAML flow.

  • Supratick CBNITS

    2 months ago

    In any arbitrary coding language, how would I go about sending an AuthnRequest from SP to IDP, and get the SAMLResponse back? And then how also would I parse the SAMLResponse from the html form it is sent in? Any clue, guys?

  • Pruthvi Fernandes

    3 months ago

    Learn more on End-to-end tech implementation - Mandisa Makubalo on Engati CX : https://www.youtube.com/watch?v=KFYnHxwYSwk

  • Alberto Corisco

    3 months ago

    Peter Bjork, I presume. This is by far the best SAML video I have ever seen. Thanks a lot, very clarifying and useful. If you happen to have your own channel or more videos, please tell

    • VMware End-User Computing

      2 months ago

      Many thanks, glad you liked it.. techzone.vmware.com is where I publish everything that I do.. I hope to get the time to create more technology/standards generic video.

  • hexc0de

    3 months ago

    A most excellent primer on SAML. Thank you very much!

  • Pardeep Lakhani

    3 months ago

    Best so far, Great Job

  • Christian B.

    3 months ago

    Thanks for the good explanation. I would like to know more about the signature and certificate exchange. Can anybody recommend a source?

  • John Dee

    3 months ago

    I just got done with your IAM Technical video. Thanks for putting this up! Saved me a ton of time.

  • Abhay Singh

    3 months ago

    Thank you! nicely explained.

  • Darragh O'Shaughnessy

    4 months ago

    Is this correct? My understanding of SAML was that there is no communication between IDP and SP and that SAML assertions are issued to the user. You seem to keep referring to some form of communication between IDP and SP.

    • VMware End-User Computing

      3 months ago

      There is communication between SP and the IdP when using the SAML Artifact flow.. I explained both flows..

  • mohamed echate

    4 months ago

    nice :)

  • John Ward

    4 months ago

    again, perfect, awesome explanation

  • Kavish Mishra

    4 months ago

    We have already included a unique identifier in the SAML Artifact, so why do we have to include the Issuer ID in the SAML assertion?

    • eywavatar

      4 months ago

      UiD is user detail and issuer id is the sender's details

  • pcoronasty

    4 months ago

    Thank you !

  • Sihine Estifanos

    4 months ago

    Awesome explanation. Does the example you show include both authentication and authorization? Or do we need additional configuration specific to authorization? Thank you.

    • VMware End-User Computing

      27 days ago

      SAML can be used for both and I would say you don't need to configure anything extra.

  • William Chen

    4 months ago

    Good presentation. What kind of software are you using to make this awesome video -- :)

    • VMware End-User Computing

      3 months ago

      Best is for you to search the Internet for it.. There are plenty of animation software you can use..

  • Aniket Sarkar

    4 months ago

    How is a SAML assertion signed?

    • VMware End-User Computing

      4 months ago

      It is done with the help of the private key of the sender. Therefore can be validated with the use of the public key of the sender. Standard certificate stuff.

  • Tigani Ismail

    5 months ago

    It's what I was looking for. Thanks very much

  • ravi k

    5 months ago

    Very clear explanation, thank you!

  • Rohan Jadvani

    5 months ago

    This is a great video. Very concise and simple explanations. Would recommend checking out WorkOS ( https://workos.com/ ) to get SAML authentication integrated for free.

  • Ryan Ren

    5 months ago

    Really great video about SAML2.0, good job

  • Prabhu Kadiam

    5 months ago

    That's REALLY nice video on SAML, IDP, SP, SSO

  • Alex J

    5 months ago

    SAML Tracer demo was awesome.

  • ClintonxA

    5 months ago

    Excellent overview, thanks.

  • patsy perez

    6 months ago

    Fantastic explanation! very thorough and clear.

  • Edson Nascimento

    6 months ago

    This is by far the best explanation I saw from this process!!!
    Very good Job here! Thank you so much!

  • M K

    6 months ago

    Thanks for explaining in details. Very informative.

  • R SHAH

    6 months ago

    Thank you for the detail clarification about IDP, SP and SAML

  • Prashant Pharate

    6 months ago

    Simplest explanation I have ever seen on SSO, IDP, SP, SAML. Thanks for the video

  • Hreinn Juliusson

    6 months ago

    What an excellent video. Well done!

  • Dileep Yadav

    6 months ago

    Trust me this is the great video to start SAML..cheers

  • Rajesh Kishore

    6 months ago

    Great explanation

  • Gareth Roberts

    6 months ago

    What a great video. Just had the right level of information I was looking for. Thanks!

  • David Gill

    6 months ago

    Excellent content and presentation. Would you mind sharing what software you used to simulate writing on the white board?

    • VMware End-User Computing

      27 days ago

      Thanks.. Just Google for it. There are plenty and I wouldn't say no one is better than the other.

  • AMOL DABHADE

    6 months ago

    Very well explained...saml concept is cleared now...much things are done at the background..such as authentication and authorization and many more.. between IDP and SP.

  • Mohammad H. Hemeda

    7 months ago

    Thanks a lot for sharing this video. It strikes the right balance between the technicalities and the big picture needed to introduce someone to SAML 2.0. Most of the resources I found before were either too technical such as the specification itself or were focused on configuring a specific product without explaining the underlying concepts. If I would recommend a resource for a beginner, it would definitely be this video.

  • Arjun Ananth

    7 months ago

    One of the best videos on SAML I have seen so far. I was literally looking for a clear explanation. It cannot get any clearer than this. Good Job !!!!!

  • CHARY K

    7 months ago

    Very clearly and easily explained , Thanks very Much 👍🏼

  • Nisar Shaikh

    7 months ago

    Great video, easy to understand.
    Client wants to integrate SSO with auth0. Requirement is like if user is logged in to asdf.com and if he wants to login to asdf.qwert.com then there should be seamless login. I am looking forward with SAML. How can I do this? Please help.

    • VMware End-User Computing

      7 months ago

      Thanks, happy you liked it.. How exactly you go about doing it depends on what products you have. Are you using VMware's Workspace ONE Access? If not, I'm afraid I cannot give you any detailed guidelines.

  • Arpit Bhatt

    7 months ago

    Well explained.

  • Justin Greenwood

    7 months ago

    Awesome video. Very succinct.

  • varun srivastawa

    7 months ago

    Nice explanation and very informative, thanks Peter.

  • Nilesh Garud

    8 months ago

    very good presentation. short and sweet :)

  • Jonne Teixeira

    8 months ago

    Super cool explanation! Thanks!!

  • Jonas

    8 months ago

    Thank you! Really great explanation!

  • Michael Schmidt

    8 months ago

    Is it fair to say that artifact binding is akin to oAuth code flow (code for token exchange)? Pass the artifact on the front channel while assertion is passed back channel?

    • VMware End-User Computing

      8 months ago

      Hi, not sure I would say they are similar. OAuth has a completely different use-case.. With SAML Artifact it is the application backend (SP) retrieving the artifact. In OAuth it is the client. Then the client sends the OAuth token to the backend for access..

  • Mārcis Lagzdiņš

    9 months ago

    Wow, such a great and explanatory video which also includes technical details - loved it!

    A question - how the digest value / signature of the IdP works and how can you know that it has not been tampered with? Basically, is it mandatory to encrypt SAML assertion messages by both IdP and SP or is it just enough that they are signed?

    • VMware End-User Computing

      8 months ago

      Hi, glad you liked the video.. I am not an expert on the signing method but assume it is something like generating a hash of the message and then encrypting it with the private key.. Pretty much like email signing. Then the receiving end decrypts it using the public key and compares it with its own hash. If they match no one has tampered with the message.. If anyone else knows more details please feel free to comment. Encryption of the whole message is not super common. Typically many are fine with the signing. But if you are extra cautious I guess encryption would solve that for you.

  • Mukul Mahajan

    9 months ago

    Wondering how SAML is used for authorization?

    • VMware End-User Computing

      8 months ago

      Well, SAML can include any attributes of the user. So that means you can include authorization information that way.. You can also claim that the portion of the assertion stating if the user was successful to authenticate and use a certain resource or not also is an authorization type.

  • Sam Li

    9 months ago

    Great presentation. Easy to know the flow of SAML. Thank you very much.

  • Anil Kinikar

    9 months ago

    Nice and informative video 👍

  • 叶国伟

    9 months ago

    Thanks for the video. Now I know what's SAML. :D

  • Binoy Joseph

    9 months ago

    The explanation and video are very clear, easy to visualize and understand. It covered most of the important topics and is exhaustive. Thank you so much, helped a lot.

  • Zia Ur Rehman

    10 months ago

    Hi, good explanation. How were the digest value and signature prepared?

  • Neon2110

    10 months ago

    With SAML 2.0 you can use Active Directory or LDAP to handle authorization so you can simply integrate with IAM governance tool( SailPoint) to handle end user access, leaver/transfer process.

    • VMware End-User Computing

      10 months ago

      On-premises Active Directory is a user store and can handle AuthZ for Windows networks but is not based on SAML. The AD is often the source of your identities and feeds your SAML solution with users and groups. SailPoint is an excellent Identity Management solution. But this video is about the standard SAML 2.0. It is not focusing on specific products or vendors.

  • A

    10 months ago

    Great video, even after all these years with VIDM I could pick up something new!

  • thepotoko

    10 months ago

    Excellent video. Thanks

  • HonneyZouka

    10 months ago

    Great content, lovely video editing as well, and voice over is nicely done too

  • Simon Elberts

    11 months ago

    Great explanation of the SAML protocol, thanks Peter

  • Domenico Langone

    11 months ago

    Hello Peter! Great job ... as usual.

  • bhakti nagvekar

    11 months ago

    Simply great video..

  • Younes MOUSTAMID

    11 months ago

    Hello Peter,
    It's totally clear and I would like to see more especially regarding OAuth (how to check and configure...) anyways, thank you so much for this amazing video ... really appreciate it
    Thanks once again & good luck with your business.

  • Türkay Yaray

    11 months ago

    My customer wants SAML integration between Oracle Access Manager and the Horizon 7 environment.
    We did the metadata transfer but it didn't work properly.
    Connection Servers are behind the UAG, in which case should SAML integration be made on the connection server? Or on the UAG? Or both?
    How can I do this integration?

    • Dasari Prathap

      2 months ago

      Thank you so much for this video.. it's very useful

    • VMware End-User Computing

      11 months ago

      Horizon requires the SAML Artifact flow and it is not a standard implementation. You must either use Workspace ONE Access as a bridge or you can use the latest Unified Access Gateway 3.8. In 3.8 generic SAML support was added. Here's a post talking about how to set it up with Okta.. techzone.vmware.com/enabling-saml-20-authentication-horizon-unified-access-gateway-and-okta-vmware-horizon-operational. Hopefully that will help you.