Single sign-on using SAML authentication for learningBOX

This article explains the concept and benefits of SAML authentication, one of the available authentication settings, and how SAML authentication works in learningBOX.

What is SAML Authentication?

SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication information about a user between different domains on the Internet, and it is the protocol behind much single sign-on (SSO).
In SAML, each application or service that asks for a user to be authenticated is called a Service Provider (SP).
The SP redirects the user's browser to the Identity Provider (IdP) with an authentication request. Once the IdP has authenticated the user, it sends the browser back to the SP with the result, and that return to the SP completes the login.
Because only authentication information is passed between the parties, SAML is used by IDaaS products (Identity as a Service: cloud-based ID and password management tools) and by single sign-on tools.
It is used mainly for single sign-on to cloud services.

What is Single Sign-On (SSO)?

Single sign-on (hereafter referred to as SSO) is a mechanism that lets a user log in to multiple services at once by logging in a single time with one ID and password. As the number of convenient applications and systems used by organizations grows, demand for SSO is growing with it.

SAML terms to know

The two main components of SAML are:

Identity Provider (IdP): the party that provides the authentication information
Service Provider (SP): the party that uses the authentication information (the web application participating in the federation)

SAML consists of these two elements, the Identity Provider (IdP) and the Service Provider (SP). If the SP that provides the web service supports SAML, SSO can be achieved using the authentication information provided by the IdP.

AuthnRequest: the authentication request the SP issues when it asks the IdP to authenticate a user.
SAMLResponse: the response to an AuthnRequest, carrying the authentication result from the IdP back to the SP.
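As an added example (not code from learningBOX or from the original article), the following Python sketches what the SP must check when a SAMLResponse arrives: Destination, InResponseTo, Status, Issuer, the validity window and the Audience. The entity IDs, URLs and the sample response are constructed placeholders, and XML signature verification, which a real SP does first with a proper SAML library, is assumed to have already happened.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def parse_instant(s):
    """SAML timestamps are UTC, e.g. 2024-05-01T10:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, idp_entity_id, sp_entity_id, acs_url, request_id, now):
    """Return the list of problems found in a SAMLResponse; an empty list means accept.
    Assumes the IdP's XML signature was already verified by a proper SAML library."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.get("Destination") != acs_url:
        problems.append("Destination is not our ACS URL")
    if root.get("InResponseTo") != request_id:          # must match an AuthnRequest we issued
        problems.append("InResponseTo does not match our AuthnRequest")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("Status is not Success")
    a = root.find("saml:Assertion", NS)
    if a is None:
        return problems + ["no Assertion"]
    if a.findtext("saml:Issuer", "", NS) != idp_entity_id:   # only our configured IdP
        problems.append("Issuer is not the configured IdP")
    if not a.findtext("saml:Subject/saml:NameID", "", NS):
        problems.append("no NameID")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return problems + ["no Conditions"]
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")   # NotBefore is optional
    if (nb and now < parse_instant(nb)) or not noa or now >= parse_instant(noa):
        problems.append("assertion is outside its validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:                    # assertion issued for another SP
        problems.append("Audience does not include this SP")
    return problems

# Constructed sample response; entity IDs and URLs are placeholders, not learningBOX values.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1"
  Version="2.0" InResponseTo="_req1" Destination="https://sp.example/acs">
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>https://idp.example</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions></saml:Assertion></samlp:Response>"""
```

Calling check_response(SAMPLE, "https://idp.example", "https://sp.example", "https://sp.example/acs", "_req1", parse_instant("2024-05-01T10:02:00Z")) returns an empty list; the same response presented after 10:05, for another request ID, or to an SP with a different entity ID is rejected.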

What is the latest version of SAML?

SAML was first standardized in 2002.
The current version is 2.0, standardized in 2005.
For a technical overview, see "Security Assertion Markup Language (SAML) V2.0 Technical Overview" (OASIS).

Benefits of implementing single sign-on with SAML authentication

SAML authentication is not the only authentication setting that can achieve SSO, so what are the benefits of implementing SSO with SAML? Besides the obvious improvements in user experience and reductions in cost, the following points are particularly noteworthy.

Enhanced Security

Traditionally, SSO was implemented with cookies: an authentication cookie holding the login state is stored in the browser, which keeps the user logged in. However, a cookie can only establish SSO within its own domain, and because the authentication cookie is kept in the browser, a third party who obtains it can impersonate the user. In other words, cookie-based SSO could not be extended to services provided by other companies, such as learningBOX, and it had security issues.

SAML establishes SSO by passing only authentication information, without relying on cookies shared across domains, and it works with highly secure authentication environments such as PKI (Public Key Infrastructure).

This allows SSO to be implemented with stronger security, and many companies have adopted this system.
I think it is safe to say that SSO is now mainstream.

Of course, there are also disadvantages.
Since authentication is entrusted to a single ID and password, a leak of that one credential can give unauthorized access to every connected service. On the other hand, there is then only one credential that has to be protected, so it is important to manage it carefully and reinforce it with multi-factor authentication or similar measures.

Single sign-on using SAML authentication for learningBOX

Finally, we will discuss single sign-on using SAML authentication for learningBOX.

learningBOX supports external authentication using the SAML 2.0 protocol.
In this arrangement, learningBOX acts as the Service Provider (SP).

The SAML authentication mechanism in learningBOX is as follows

To enable SAML authentication, settings are required on both learningBOX and the IdP.
Note that the names and contents of the SAML settings vary from IdP to IdP.

*A shared server/customization contract is required to use the SAML authentication settings.