Although this video is more than 10 years old, it is still the best. I came here after watching two videos for SAML and I felt that this is the best and more knowledgeable.
The way you conveyed the information is super simple to understand by a layman - Great work!
awesome video: usually these are way too drawn out: accurate and simple explanation=gratitude
What you failed to explain at the beginning, which I would like to have known about, when the user wants to access an SP, where does the SP get the user ID that it needs to send to the IdP, where a check is made to authorise SP usage? Otherwise, a useful video.
2:33 Who is Earl and why do I need to go to him on the internet?
Justin He means, for those who don’t know, going to a URL😅, that is a web address on the internet.
This made my day
@@Godlystriker Mine too! lol
lol
short , concise and simple, thank you !
11 years ago and still good
very informative, simple and straight to understand. Thank you.
that was by far the best explanation about saml on youtube... thanks
Clean, short, simple explanation. Thank you!
Wow this is more easy to follow and understand. great video dude
Awesome !!, SAML enlightening in a simple way , Thanks for sharing.
So the user clicks on a link and the federation software starts to work on the IdP side? And what happens between these 2 events? This is the worst explanation of the SP-initiated SSO. Maybe the IdP-initiated SSO would have been a better choice as an introduction to SAML.
what is the word he used at 0:43 "multiple authentication c.." ?
shikagohan credentials
Pretty much echoes the notes I've taken on the subject. Very concise and easy to understand. I will subscribe to your channel now, as it can at times be hard to find concise explanations of technical subjects on TH-cam
succinct, to the point! However, it lacks details for beginners to understand fully. For example, the assertion XML was not explained at all, as this assertion file is crucial to the SSO concept.
Simple and to the point explanation - gratitude.
This is excellent. Short but very informative.
Excellent explanation of SAML! Thank you!
concise explanation right there. Thank you very much
Thanks Mike for this wonderful video. It was very informative indeed.
great high level overview, thanks for the explanation
Very helpful information in easiest way.
Concise & complete... Thank you...!!
Mike - You have explained well and in simple terms.. If you can also publish IDP initiated SAML SSO, it will be a great help.
Great vid. However, saying "U-R-L" instead of "Earl" will make you seem 10 years younger.
Yeah I found that so distracting I actually had to rewind the video! :) I wonder if he reads out web addresses like it's 1999 too? Aitch-tee-tee-pee, colon, forward-stroke, forward-stroke.....
lol I caught that too.
Yeah I immediately paused the video and went to the comment section after I heard Earl
@@nickgilbert1264 That's funny :DD
I don't understand. So you don't have to create an account or profile for the user in the cloud?
Don't you typically have to have a mapped account in other applications?
Your account is in the IdP. The connections between service providers/cloud providers/apps hosted in the cloud utilize SAML to authenticate users in your IdP. Take for example an application hosted in AWS but your IdP is Azure. The SAML connection is between AWS and Azure. YOU create your user's account or assign the role to a group and provide the connection role to the AWS application within Azure. When the user attempts to use the app in AWS, it will go to the IdP and request the validation and follows the process as described in the video above. Most folks now are using ADFS (AD Federated Services) as a two-factor front-end for the user. They authenticate with their UN and pass and then follow the 2FA steps. Once in, they can be routed wherever. Usually to a dashboard within Azure or you can replace it with your own portal, whatever you want. The applications that user has access to can be displayed or linked on that page. The user simply clicks on the link and boom SSO takes over behind the scenes using SAML instead of then having to enter additional creds at the application. BASIC example: User logs in to portal.mycompany.com. They auth using their UN and pass and then 2FA. They are routed to the page after ADFS steps in and completes that process. Then they click on...say...ADP. ADP's connection to the IdP (Azure in this case) is auth'd through SAML. User simply clicks on the ADP button, boom, into their ADP profile. It works, it's more secure, easier on the management, faster for the user, less chance of phishing or vishing attacks or even social attacks to get authentication. They are in, the SAML connection keeps the connection protected, and the internet footprint of authentication for your organization is HIGHLY reduced. Win win win...and another win lol.
@@visionflightsim Shouldn't it be mentioned that the user needs to authenticate with the IdP first?
@@murmur2410 sometimes. It's not a recommended security practice to mention it at the outside. The users are told internally. Only thing on the outside is the banner that states "screw you don't connect to my stuff...blah blah blah". No evidence to your setup should ever be available on the outside.
Great video. Thanks for sharing!
Thanks for the video, better explanation I have found.
Sir.. I need to integrate SAML with a Nextcloud server... I have downloaded the SAML libraries but am not able to integrate the Nextcloud application with my IDENTITY ACCESS MANAGEMENT SERVER
Hi Vishal, for inquiries please reach out to our Support Community (support.pingidentity.com/s/community-home). Thank you!
perfect explanation, simple and crisp .. Thank you
was this an IDP initiated SAML since the SP did not send a SAML request to the IDP?
Good and simple explanation, clean as water
Thanks for the good explanation
Right to the point.. 👍
A 9 year old video does a better job explaining than current literature. Figures.
Wrapping the concept under a Nut ...Awesome..
great explanation
Simple but clear
Very nice video..
informative thank you very much.
Informative!
Nice intro music
Perfect.
This doesn't differentiate from OAuth.
Good stuff
Thank you
thanks
Very poor explanation - nothing on what, if any, n/w connectivity is required between IdP + SP
Ya, JWT and SAML are analogous.. :P
Literally the worst description of transaction flow I've ever seen. If he knows how saml works I see no evidence of it in this video.
Lisa
good video but the SP and IdP do not talk to each other; instead, the SP redirects the user to the IdP, the IdP generates the assertion and profile, and then the user goes back to the SP, who lets the user through so he can access the app. You can check out the SAML flow here:
en.wikipedia.org/wiki/Security_Assertion_Markup_Language
User accesses SP
SP checks with IdP if user is valid **SP->IdP**
-not logged in
SP redirects to IdP
IdP validates user
User returns to SP
SP checks with IdP if user is valid **SP->IdP**
-receives user info
SP Authentication continues
no tech deep detail at all
here to hack my school website , and this is a track im leaving behind incase they need it