SAML Interview Questions (2023)
In this post, questions from SAML Interviews will be answered for Experienced and Freshers. We're trying to share our experience and learn how to help you make progress in your career.
Spring Boot Security Interview Questions:
What is SAML?
What is a SAML Assertion?
What are different types of SAML?
What is Authentication in SAML?
What is Authorization in SAML?
What is Identity Provider?
What is SAML Service Provider?
What is Single Sign-On ?
Is SAML uses Single-Sign On (SSO)?
How Does SAML Work?
On which protocols does SAML work?
What are advantages of using SAML?
What are the major difference between SAML and OAuth?
Which open source tools are available for SAML-based SSO?
Q: What is SAML?
Security Assertion Markup Language (SAML) is an open standard uses XML-based framework to allows identity providers (IdP) to exchange and communicate authentication and authorization to service providers (SP).
Q: What is a SAML Assertion?
SAML Assertion is the XML document that the Identity Provider sends to the service provider that holds the user's authorization.
Q: What are different types of SAML?
There are three different types of SAML Assertions.
- Authentication assertions shows the user's identity and include the time the user has signed in and what authentication process they have used.
passes the SAML attributes, wich contains information about the user to the service provider
- Authorization decision assertion, indicates whether user is authorized and allowed to use the service or if the identify provider denied their request.
Q: What is Authentication in SAML?
Authentication validates the identity of the user, whether the user is valid or not.
Q: What is Authorization in SAML?
Authorization determines whether user have specific permission or not, once the authentication is successful.
Q: What is Identity Provider?
It does authentication and passes the user's identity and authorization level to the service provider.
Q: What is SAML Service Provider? A SAML service provider is a service that receives and accepts authentication in combination with
a single sign-on profile of the Security Assertion Markup Language (SAML).
Q: What is Single Sign-On ?
Single sign-on ( SSO) is an authentication process that allows users to securely authenticate several applications and websites using only one set of credentials.
Q: Is SAML uses Single-Sign On (SSO)?
SAML enables Single-Sign On (SSO), which implies that users can log in once, and same credentials can be re-used to log in to other service providers.
Q: How Does SAML Work?
SAML works by exchanging information about user's logins information, and attributes between the identity provider and service providers.
- Each user logs in once to Single Sign On with the identify provider.
- then the identify provider can pass SAML attributes to the service provider when the user attempts to access those services.
- The service provider requests the authorization and authentication from the identify provider.
- f the verification is successful, the user will be logged in.
Q: On which protocols does SAML work?
SAML works on below protocols:
- Hypertext Transfer Protocol (HTTP)
- File Transfer Protocol (FTP)
- Simple Mail Transfer Protocol (SMTP)
- Electronic Business XML
Q: What are advantages of using SAML?
- Standardized: The SAML standardized format designed to be compatible with any device that is independent of implementation.
- Improved users experiance: SAML uses SSO (Single sign ons), which implies single page used for user signups from which users can access all the applications of a particular website. For example, Google users can access its applications YouTube, Gmail, Drive by the method of SSO.
- Security: SAML provide a single point of authentication at a secure identity provider. It implies that user credentials never leave the firewall boundary, and then SAML is used to confirm the identity to others.
Q: What are the major difference between SAML and OAuth?
- SAML provides enterprises with more control to keep their SSO logins safer, while OAuth is better on mobile which uses JSON.
- OAuth uses a similar approach as SAML to exchange login information.
- OAuth is a slightly more recent standard that has been co-developed by Google and Twitter to allow seamless internet login.
Q: Which open source tools are available for SAML-based SSO?
Keycloak is a modern application and service-oriented open source Identity and Access Management system. Single-Sign-On (SSO), Identity Brokering and Social Login, User Federation, Client Adapters, an Admin Console, and an Account Management Console are some of the features offered by Keycloak.
It works with a variety of protocols, including Oauth 2.0, SAML 2.0 and OpenID Connect. User credentials can also be stored locally or via an LDAP or Kerberos backend.
When a user logs in successfully with Keycloak, they are given a token, which is saved as a cookie in the browser, and they are automatically sent back to the service they were trying to access. This token usually includes a username as well as information about the user's permissions.
Refer Spring Boot Keycloak SSO Example to understand it's implementation.