Sep 10, 2017

SAML is used to define 2 parties in the authentication process:

Service provider – The service to which the user wants to log into
Identity provider – The user who wants to access the service
These 2 providers establish trust by passing XML metadata files from one to the other. This is a one time configuration step. Afterwards, when a user tries to access the service, SAMLRequest and SAMLResponse are XML strings that are sent between the two providers and do the actual authentication. This is a one time process, which allows the users to do SSO for their desired application.