Security Assertion Markup Language (SAML) simplifies federated authentication and authorization for users, identity providers, and service providers. It is an open standard and is commonly used to provide single sign-on to web-based applications. The protocol is used both to authenticate a user and to convey authorization information about that user. SAML involves three entities: the user agent, which is typically the user's web browser; the service provider (SP), the application you are trying to access; and the identity provider (IDP), the system that manages access to your various service providers.
When configuring SAML, we have to establish a trusted relationship between SP and IDP. A user who wants to access an SP must first authenticate into the IDP. If the user manages to authenticate successfully and is authorized, the IDP generates a SAML assertion that is sent to the application, and since the application trusts IDP, the user is allowed access. Since the user is already authenticated into IDP, the user can then use single sign-on to access other applications managed by the IDP.
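As an added example (not AEM's or any IDP product's own code), here are the checks an SP must make on a received assertion before treating "the application trusts the IDP" as satisfied: the Issuer must be the configured IDP, the AudienceRestriction must name this SP, and the current time must fall inside the NotBefore/NotOnOrAfter window. The entity IDs, NameID and timestamps are constructed; verifying the XML signature against the IDP's certificate is assumed to happen before these checks.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Standard SAML 2.0 assertion namespace.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed assertion for illustration; entity IDs, NameID and times are made up.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://aem.example.com/saml</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def parse_saml_time(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T12:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def validate_assertion(xml_text, trusted_issuer, sp_entity_id, now=None):
    """Return (True, name_id) if the assertion comes from the configured IDP,
    names this SP as its audience and is inside its validity window; otherwise
    (False, reason). Assumes the XML signature was already verified against the
    IDP's certificate, which is what makes the Issuer claim trustworthy."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != trusted_issuer:
        return False, "untrusted issuer: %r" % issuer
    cond = root.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        return False, "missing Conditions or validity window"
    # NotOnOrAfter is exclusive: an assertion is invalid at exactly that instant.
    if not parse_saml_time(cond.get("NotBefore")) <= now < parse_saml_time(cond.get("NotOnOrAfter")):
        return False, "assertion outside its validity window"
    audiences = [a.text for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        return False, "assertion not addressed to this SP"
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return True, name_id

if __name__ == "__main__":
    at = parse_saml_time("2024-01-01T12:02:00Z")
    print(validate_assertion(SAMPLE_ASSERTION, "https://idp.example.com/metadata",
                             "https://aem.example.com/saml", now=at))
```

An assertion that passes the signature check but fails any of these three tests must still be rejected, since a valid signature only proves who issued it, not that it was meant for this SP now.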
How is it Done in Adobe Experience Manager?
Adobe Experience Manager (AEM) can use the SAML standard to exchange authentication and authorization data with an IDP service. It enables web-based cross-domain single sign-on (SSO) and single logout (SLO). In this arrangement, SAML terminology defines AEM as the Service Provider (SP) and the third-party identity solution as the Identity Provider (IDP).