SAML 2.0: Technical Overview

121 885 दृश्य

This video will explain the basics of the SAML protocol, focusing on what an IT administrator tasked with setting up federation must know.
VMware End-User Computing (EUC) solutions empower the digital workspace by simplifying app & access management, unifying endpoint management & transforming Windows delivery. Learn more on the Digital Workspace Tech Zone:

  • This is pure gold, many thanks to whoever decided to make this video!

    JeoffreyJeoffrey8 घंटे पहले
  • The best explanation. Just beautiful !

    udyog Jagatudyog Jagat2 दिन पहले
  • Wonderfully explained. Thank you so much :)

    Raghavendra GRaghavendra G11 दिन पहले
  • Excellent! Thank You Peter, God Bless You

    Ahmed AlmutairiAhmed Almutairi25 दिन पहले
  • Very cool explanation! Got everything covered. Thank you so muchh.

    Tanuj PandeyTanuj Pandeyमहीने पहले
  • Such a clear explanation for a rather obscure subject! Thanks a lot, Peter!

    Jose MarcenaroJose Marcenaroमहीने पहले
  • excellent!

    Denis GantsevDenis Gantsevमहीने पहले
  • Very nice video, easy to understand.

    Sergio MatosSergio Matos2 महीने पहले
  • This is an Great Explanation so far I have seen. I have got to know few new things after seeing this even though I am familiar about SAML before. Thank you very much. Just want to see how you explain differences between SAML 1.1 & 2.0 If possible please add that one also. Thanks.

    sandeepsandeep2 महीने पहले
  • I was able to understand everything up to 11 min but after that lost. Woul have been better if you mentiond how you did setup.

    Pramod Kumar TalesaraPramod Kumar Talesara2 महीने पहले
  • 👍👍👍

  • awesome!!

    rohan sinharohan sinha2 महीने पहले
  • Clearest explanation I've seen. Thanks!

    Jose GuardiolaJose Guardiola2 महीने पहले
  • I agree with other users, great and clear explanation

    Silvio IvaldiSilvio Ivaldi2 महीने पहले
  • That was excellent. Thanks for your help!

    Vincent Caudo-EngelmannVincent Caudo-Engelmann2 महीने पहले
  • Very well explained .. Thank you so much

    Integration CornerIntegration Corner2 महीने पहले
  • Lastname: NOOB me: -_-

    Lucas DraneyLucas Draney3 महीने पहले
  • Brilliant explanation!!! TYVM

    Stefan CoetzerStefan Coetzer3 महीने पहले
  • Thank you Sir. Excellent explanation of the SAML protocol. This is one best training video on SAML. Great job. Thanks!!!

    RidwanRidwan3 महीने पहले
  • Excellent explanation. I spent time understanding this at different places but today it made all clear. Keep it up!!

    P̳̿͟͞a̳̿͟͞r̳̿͟͞v̳̿͟͞ ̳̿͟͞S̳̿͟͞h̳̿͟͞e̳̿͟͞t̳̿͟͞h̳̿͟͞P̳̿͟͞a̳̿͟͞r̳̿͟͞v̳̿͟͞ ̳̿͟͞S̳̿͟͞h̳̿͟͞e̳̿͟͞t̳̿͟͞h̳̿͟͞3 महीने पहले
  • Great and clean explanation

    Selva's youtubeSelva's youtube3 महीने पहले
  • Great video, congratulations

    lucasjluftlucasjluft3 महीने पहले
  • One of the best video on SAML I have seen so far. I was literally looking for a clear explanation. It cannot get any clearer than this. Good Job !!!!! +1

    Musa MammadovMusa Mammadov3 महीने पहले
  • How good is this video. I spent 2 hours surfing through various articles but this video consolidates the entire SAML protocol into one well-defined video. Thanks, Peter

    Sujay YajiSujay Yaji4 महीने पहले
    • Many thanks for sharing, happy you found it useful.

      VMware End-User ComputingVMware End-User Computing4 महीने पहले
  • 5:44 In case of IdP initiated flow, how can a browser (user) get the assertion from IdP and send it to SP later? I think SP always needs to redirect to IdP no matter where the authentication initiated.

    OekuezOekuez4 महीने पहले
    • @VMware End-User Computing Makes sense. Thank you!

      OekuezOekuez4 महीने पहले
    • Hi.. No that is not accurate. SAML do support a pure IdP-init flow. But this often requires the IdP to also have an application catalog so the users can click on an icon to launch the app (SP). There are some variations often referred to as pseudo SP-init and pseudo IdP-init where the flow is more like how you described.

      VMware End-User ComputingVMware End-User Computing4 महीने पहले
  • Great video! Just a question: for trust to be established between the Identify Provider and Service Provider, is there an initial setup or handshake between those two entities to verify that it's working? And would failures in trust be known only at runtime?

    lachlan burnsidelachlan burnside4 महीने पहले
    • Some SPs offers a test mechanism, e.g. SFDC. But in general once you established trust (often the metadata exchange) you have to test it manually.

      VMware End-User ComputingVMware End-User Computing4 महीने पहले
  • very well explained

    Reviews HydReviews Hyd4 महीने पहले
  • Excellent video explaining fundamentals of SAML flow.

    Appaji KoppulaAppaji Koppula4 महीने पहले
  • In any arbitrary coding language, how would I go about sending an AuthnRequest from SP to IDP, and get the SAMLResponse back? And then how also would I get the parse the SAMPResponse from the html form it is sent in? Any clue, guys?

    Supratick CBNITSSupratick CBNITS4 महीने पहले
  • Learn more on End-to-end tech implementation - Mandisa Makubalo on Engati CX :

    Pruthvi FernandesPruthvi Fernandes4 महीने पहले
  • Peter Bjork, I presume. This is by far the best SAML video I have ever seen. Thanks a lot, very clarifying and useful. If you happen to have your own channel or more videos, please tell

    Alberto CoriscoAlberto Corisco5 महीने पहले
    • Many thanks, glad you liked it.. is where I publish everything that I do.. I hope to get the time to create more technology/standards generic video.

      VMware End-User ComputingVMware End-User Computing4 महीने पहले
  • A most excellent primer on SAML. Thank you very much!

    hexc0dehexc0de5 महीने पहले
  • Best so far, Great Job

    Pardeep LakhaniPardeep Lakhani5 महीने पहले
  • thanks for the good explanation. i would like to know more about the signature and certificate exchange. Can anybody recommend a source ?

    Christian B.Christian B.5 महीने पहले
  • I just got done with your IAM Techincal video. Thanks for putting this up! Saved me a ton of time.

    John DeeJohn Dee5 महीने पहले
  • Thank you! nicely explained.

    Abhay SinghAbhay Singh5 महीने पहले
  • Is this correct? My understanding of SAML was that there is no communication between IDP and SP and that SAML assertions are issued to the user. You seems to keep referring to some for of communication between IDP and SP.

    Darragh O'ShaughnessyDarragh O'Shaughnessy6 महीने पहले
    • There is communication between SP and the IdP when using the SAML Artifact flow.. I explained both flows..

      VMware End-User ComputingVMware End-User Computing5 महीने पहले
  • nice :)

    mohamed echatemohamed echate6 महीने पहले
  • again, perfect, awesome explanation

    John WardJohn Ward6 महीने पहले
  • we have already included a Unique identifier in SAML Artifact then why we have to include Issuer ID in SAML assertion ?

    Kavish MishraKavish Mishra6 महीने पहले
    • UiD is user detail and issuer id is the Senders details

      eywavatareywavatar5 महीने पहले
  • Thank you !

    pcoronastypcoronasty6 महीने पहले
  • Awesome Explanation. Does the example you show include both Authentication and Authorization? Or Do we need additional configuration needed specific for Authorization? Thank you.

    Sihine EstifanosSihine Estifanos6 महीने पहले
    • SAML can be used for both and I would say you don't need to configure anything extra.

      VMware End-User ComputingVMware End-User Computing2 महीने पहले
  • Good presentation. What kind of software are you using to make this awesome video -- :)

    William ChenWilliam Chen6 महीने पहले
    • Best is for you to search the Internet for it.. There are plenty of animation software you can use..

      VMware End-User ComputingVMware End-User Computing5 महीने पहले
  • How a SAML assertion signed?

    Aniket SarkarAniket Sarkar6 महीने पहले
    • It is done with the help of the private key of the sender. Therefore can be validated with the use of the public key of the sender. Standard certificate stuff.

      VMware End-User ComputingVMware End-User Computing6 महीने पहले
  • It's what I was looking for. Thanks very much

    Tigani IsmailTigani Ismail6 महीने पहले
  • Very clear explanation, thank you!

    ravi kravi k6 महीने पहले
  • This is a great video. Very concise and simple explanations. Would recommend checking out WorkOS ( ) to get SAML authentication integrated for free.

    Rohan JadvaniRohan Jadvani7 महीने पहले
  • Really great video about SAML2.0, good job

    Ryan RenRyan Ren7 महीने पहले
  • That's REALLY nice video on SAML, IDP, SP, SSO

    Prabhu KadiamPrabhu Kadiam7 महीने पहले
  • SAML Tracer demo was awesome.

    Alex JAlex J7 महीने पहले
  • Excellent overview, thanks.

    ClintonxAClintonxA7 महीने पहले
  • Fantastic explanation! very thorough and clear.

    patsy perezpatsy perez7 महीने पहले
  • This is by far the best explanation I saw from this process!!! Very good Job here! Thank you so much!

    Edson NascimentoEdson Nascimento7 महीने पहले
  • Thanks for explaining in details. Very informative.

    M KM K8 महीने पहले
  • Thank you for the detail clarification about IDP, SP and SAML

    R SHAHR SHAH8 महीने पहले
  • Simplest explanation I ever seen on SSO, IDP, SP SAML. Thanks for the Video

    Prashant PharatePrashant Pharate8 महीने पहले
  • What an excelent video. Well done!

    Hreinn JuliussonHreinn Juliusson8 महीने पहले
  • Trust me this is the great video to start SAML..cheers

    Dileep YadavDileep Yadav8 महीने पहले
  • Great explanation

    Rajesh KishoreRajesh Kishore8 महीने पहले
  • What a great video. Just had the right level of information I was looking for. Thanks!

    Gareth RobertsGareth Roberts8 महीने पहले
  • Excellent content and presentation. Would you mind sharing what software you used to simulate writing on the white board?

    David GillDavid Gill8 महीने पहले
    • Thanks.. Just Google for it. There are plenty and I wouldn't say no one is better than the other.

      VMware End-User ComputingVMware End-User Computing2 महीने पहले
  • Very well explained...saml concept is cleared now...much things are done at the background..such as authentication and authorization and many more.. between IDP and SP.

  • Thanks a lot for sharing this video. It strikes the right balance between the technicalities and the big picture needed to introduce someone to SAML 2.0. Most of the resources I found before were either too technical such as the specification itself or were focused on configuring a specific product without explaining the underlying concepts. If I would recommend a resource for a beginner, it would definitely be this video.

    Mohammad H. HemedaMohammad H. Hemeda8 महीने पहले
  • One of the best video on SAML I have seen so far. I was literally looking for a clear explanation. It cannot get any clearer than this. Good Job !!!!!

    Arjun AnanthArjun Ananth8 महीने पहले
  • Very clearly and easily explained , Thanks very Much 👍🏼

    CHARY KCHARY K9 महीने पहले
  • Great video, easy to understand. Client want to integrate SSO with auth0. Requirement is like if user is logged in to and if he wants to login to then there should be seamless login. I am looking forward with SAML. How can I do this? please help.

    Nisar ShaikhNisar Shaikh9 महीने पहले
    • Thanks, happy you liked it.. How exactly you go about doing it depends on what products you have. Are you using VMware's Workspace ONE Access? If not, I'm afraid I cannot give you any detailed guidelines.

      VMware End-User ComputingVMware End-User Computing9 महीने पहले
  • Well explained.

    Arpit BhattArpit Bhatt9 महीने पहले
  • Awesome video. Very succinct.

    Fuhque GewgullFuhque Gewgull9 महीने पहले
  • Nice explanation and very informative, thanks Peter.

    varun srivastawavarun srivastawa9 महीने पहले
  • very good presentation. short and sweet :)

    Nilesh GarudNilesh Garud9 महीने पहले
  • Super cool explanation! Thanks!!

    Jonne TeixeiraJonne Teixeira10 महीने पहले
  • Thank you! Really great explanation!

    Monads for FreeMonads for Free10 महीने पहले
  • Is it fair to say that artifact binding is akin to oAuth code flow (code for token exchange)? Pass the artifact on the front channel while assertion is passed back channel?

    Michael SchmidtMichael Schmidt10 महीने पहले
    • Hi, not sure I would say they are similar. OAuth has a completely different use-case.. With SAML Artifact it is the application backend (SP) retrieving the artifact. In OAuth it is the client. Then the client sends the OAuth token to the backend for access..

      VMware End-User ComputingVMware End-User Computing10 महीने पहले
  • Wow, such a great and explanatory video which also includes technical details - loved it! A question - how the digest value / signature of the IdP works and how can you know that it has not been tampered with? Basically, is it mandatory to encrypt SAML assertion messages by both IdP and SP or is it just enought that they are signed?

    Mārcis LagzdiņšMārcis Lagzdiņš10 महीने पहले
    • Hi, glad you liked the video.. I am not an expert on the signing method but assume it is something like generating a hash of the message and then encrypting it with the private key.. Pretty much like email signing. Then the receiving end decrypts it using the public key and compares it with its own hash. If they match no one has tampered with the message.. If anyone else knows more details please feel free to comment. Encryption of the whole message is not super common. Typically many are fine with the signing. But if you are extra cautious I guess encryption would solve that for you.

      VMware End-User ComputingVMware End-User Computing10 महीने पहले
  • wondering how is saml used for authorization?

    Mukul MahajanMukul Mahajan10 महीने पहले
    • Well, SAML can include any attributes of the user. So that means you can include authorization information that way.. You can also claim that the portion of the assertion stating if the user was successful to authenticate and use a certain resource or not also is an authorization type.

      VMware End-User ComputingVMware End-User Computing10 महीने पहले
  • Great presentation. Easy to know the flow of SAML. Thanks you very much.

    Sam LiSam Li10 महीने पहले
  • Nice and informative video 👍

    Anil KinikarAnil Kinikar11 महीने पहले
  • Thanks for the videa. Now I know what's SAML. :D

    叶国伟叶国伟11 महीने पहले
  • The explanation and video are very clear, easy to visualize and understand. It covered most of the important topics and is exhaustive. Thank you so much, helped a lot.

    Binoy JosephBinoy Joseph11 महीने पहले
  • Hi good explanation, how the digest value and signature was prepared.

    Zia Ur RehmanZia Ur Rehman11 महीने पहले
  • With SAML 2.0 you can use Active Directory or LDAP to handle authorization so you can simply integrate with IAM governance tool( SailPoint) to handle end user access, leaver/transfer process.

    Neon2110Neon2110साल पहले
    • On-premises Active Directory is a user store and can handle AuthZ for Windows networks but is not based on SAML. The AD is often the source of your identities and feeds your SAML solution with users and groups. SailPoint is an excellent Identity Management solution. But this video is about the standard SAML 2.0. It is not focusing on specific products or vendors.

      VMware End-User ComputingVMware End-User Computingसाल पहले
  • Great video, even after all these years with VIDM I could pick up something new!

    AAसाल पहले
  • Excellent video. Thanks

    thepotokothepotokoसाल पहले
  • Great content, lovely video editing as well, and voice over is nicely done too

    HonneyZoukaHonneyZoukaसाल पहले
  • Great explanation of the SAML protocol, thanks Peter

    Simon ElbertsSimon Elbertsसाल पहले
  • Hello Peter! Great job ... as usual.

    Domenico LangoneDomenico Langoneसाल पहले
  • Simply great video..

    bhakti nagvekarbhakti nagvekarसाल पहले
  • Hello Peter, Its totally clear and i would like to see more especially regarding Oauth (how to check and configure...) anyways, thank you so much for this amazing video ... really appreciate it Tanks once again & good luck with your business.

    Younes MOUSTAMIDYounes MOUSTAMIDसाल पहले
  • My customer wants SAML integration between Oracle Access Manager and the Horizon 7 environment. we did the metadata transfer but it didn't work properly. Connection Servers are behind the UAG, in which case should SAML integration be made on the connection server? or on the UAG? or both? how can I do this integration?

    Türkay YarayTürkay Yarayसाल पहले
    • Thank you so much for this video.. it's very useful

      Dasari PrathapDasari Prathap3 महीने पहले
    • Horizon requires the SAML Artifact flow and it is not a standard implementation. You must either use Workspace ONE Access as a bridge or you can use the latest Unified Access Gateway 3.8. In 3.8 generic SAML support was added. Here's a post talking about how to set it up with Okta.. Hopefully that will help you.

      VMware End-User ComputingVMware End-User Computingसाल पहले