The correct answer is:
Assertions, Protocol, and Binding
This is correct, SAML main components are Assertions, Protocol, and Binding.
DISCUSSION:
Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP). What that jargon means is that you can use one set of credentials to log into many different websites. It’s much simpler to manage one login per user than it is to manage separate logins to email, customer relationship management (CRM) software, Active Directory, etc.
SAML transactions use Extensible Markup Language (XML) for standardized communications between the identity provider and service providers. SAML is the link between the authentication of a user’s identity and the authorization to use a service.
SAML works by passing information about users, logins, and attributes between the identity provider and service providers. Each user logs in once to Single Sign On with the identify provider, and then the identify provider can pass SAML attributes to the service provider when the user attempts to access those services. The service provider requests the authorization and authentication from the identify provider. Since both of those systems speak the same language – SAML – the user only needs to log in once.
Assertions, Protocol, and Binding
In the public cloud world, identity providers are increasingly adopting OpenID and OAuth as standard protocols. In a corporate environment, corporate identity repositories can be used. Microsoft Active Directory is a dominant example. Relevant standard protocols in the corporate world are Security Assertion Markup Language (SAML) and WS-Federation.
SAML consists of a number of components that, when used together, permit the exchange of identity, authentication, and authorization information between autonomous organizations.
The first component is an assertion which defines the structure and content of the information being transferred. The structure is based on the SAML v2 assertion schema.
How an assertion is requested by, or pushed to, a service provider is defined as a request/response protocol encoded in its own structural guidelines: the SAML v2 protocol schema.
A binding defines the communication protocols (such as HTTP or SOAP) over which the SAML protocol can be transported.
Together, these three components create a profile (such as Web Browser Artifact or Web Browser POST). In general, profiles satisfy a particular use case. The following image illustrates how the components are integrated for a SAML interaction.
Two other components that may be included in SAML messages are:
Metadata
Metadata defines how configuration information shared between two communicating entities is structured. For instance, an entity's support for specific SAML bindings, identifier information, and public key information is defined in the metadata. The structure of the metadata is based on the SAML v2 metadata schema. The location of the metadata is defined by Domain Name Server (DNS) records.
Authentication Context
In some situations, one entity may want additional information to determine the authenticity of, and confidence in, the information being sent in an assertion. Authentication context permits the augmentation of assertions with information pertaining to the method of authentication used by the principal and how secure that method might be. For example, details of multi-factor authentication can be included.
NIST SP 800-63C (https://pages.nist.gov/800-63-3/sp800-63c.html) has the following info on SAML:
Security Assertion Markup Language (SAML)
SAML is an XML-based framework for creating and exchanging authentication and attribute information between trusted entities over the internet. As of this writing, the latest specification for SAML is SAML v2.0, issued 15 March 2005.
The building blocks of SAML include:
- The Assertions XML schema, which defines the structure of the assertion.
- The SAML Protocols, which are used to request assertions and artifacts (the assertion references used in the indirect model described in Section 7.1).
- The Bindings, which define the underlying communication protocols (such as HTTP or SOAP), and can be used to transport the SAML assertions.
The three components above define a SAML profile that corresponds to a particular use case such as “Web Browser SSO”.
SAML Assertions are encoded in an XML schema and can carry up to three types of statements:
Authentication statements include information about the assertion issuer, the authenticated subscriber, validity period, and other authentication information. For example, an Authentication Assertion would state the subscriber “John” was authenticated using a password at 10:32 pm on 06-06-2004.
Attribute statements contain specific additional characteristics related to the subscriber. For example, the subject “John” is associated with the attribute “Role” with the value “Manager”.
Authorization statements identify the resources the subscriber has permission to access. These resources may include specific devices, files, and information on specific web servers. For example, subject “John” for action “Read” on “Webserver1002” given evidence “Role”.
The following answers are incorrect:
Authentication, Attribute and Authorization
These are not the main components of SAML
Assertions, Protocol, and Authorization
These are not the main components of SAML
Assertions, Protocol, and Authentication
These are not the main components of SAML
