Applies to: Denodo 8.0, Denodo 7.0
Last modified on: 28 May 2020
Tags: Administration, SAML, Security, Web Services
Goal
This document describes how SAML 2.0 works in the Denodo Platform and how it has been implemented.
Content
Security Assertion Markup Language (SAML) is a standard for exchanging authentication and authorization data between security domains. It is available for REST web services published by Virtual DataPort using the Web Browser SSO Profile, Identity Provider (IdP) initiated, with the HTTP POST binding.
Figure: Sequence diagram of IdP-initiated Web Browser SSO with HTTP POST binding
SAML 2.0 in Virtual DataPort REST web services
Limitations of SAML 2.0 in Virtual DataPort REST web services
The main limitation of using SAML 2.0 with the IdP-initiated Web Browser SSO Profile is that REST is stateless: the server does not store any state about the client session, so each request must contain all of the information necessary to understand it and cannot take advantage of any stored context on the server. It is therefore necessary to send a SAML Identity Provider-initiated request for each access.
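Because every access carries its own IdP-initiated response, the receiving service has to validate an unsolicited response each time. The sketch below is an added example, not Denodo's code: it shows the structural checks the SAML 2.0 Web Browser SSO profile expects for an unsolicited response delivered in the `SAMLResponse` form field of the HTTP POST binding. The function name, the `ACS` and `AUDIENCE` values and the sample message are assumptions constructed for illustration, and XML signature verification is deliberately left out.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
ACS, AUDIENCE = "https://sp.example/acs", "https://sp.example/metadata"  # assumed SP values
# Constructed, unsigned sample; on the wire it is the base64 value of the SAMLResponse field.
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}"
  ID="_r1" Version="2.0" IssueInstant="2020-05-28T10:00:00Z" Destination="{ACS}">
 <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-05-28T10:00:00Z">
  <saml:Issuer>https://idp.example</saml:Issuer>
  <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData Recipient="{ACS}" NotOnOrAfter="2020-05-28T10:05:00Z"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion></samlp:Response>"""
SAMPLE_FORM_VALUE = base64.b64encode(SAMPLE_XML.encode()).decode()

def check_unsolicited_response(form_value, now, seen_ids):
    """Return a list of problems (empty = passed). Verify the XML signature before calling."""
    root = ET.fromstring(base64.b64decode(form_value))
    problems = []
    if root.get("InResponseTo") is not None:  # IdP-initiated: no AuthnRequest preceded it
        problems.append("unexpected InResponseTo")
    if root.get("Destination") != ACS:
        problems.append("Destination mismatch")
    code = root.find("p:Status/p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status not Success")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no assertion"]
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    expiry = scd.get("NotOnOrAfter") if scd is not None else None
    if scd is None or scd.get("Recipient") != ACS:
        problems.append("Recipient mismatch")
    if expiry is None or now >= datetime.fromisoformat(expiry.replace("Z", "+00:00")):
        problems.append("expired or no NotOnOrAfter")
    audiences = [a.text for a in assertion.iterfind("a:Conditions/a:AudienceRestriction/a:Audience", NS)]
    if AUDIENCE not in audiences:
        problems.append("audience mismatch")
    if assertion.get("ID") in seen_ids:  # replay cache: keep IDs until NotOnOrAfter passes
        problems.append("assertion replayed")
    if not problems:
        seen_ids.add(assertion.get("ID"))
    return problems
```

An empty list means only that these checks passed; the replay cache matters here because a captured bearer assertion would otherwise be reusable until its `NotOnOrAfter` time.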
Solution Manager SSO
Starting with Denodo 8.0, the Denodo Solution Manager can be integrated with identity providers and supports the SAML 2.0 authentication protocol. This option enables single sign-on (SSO): once a user logs into Solution Manager, the user can directly access applications such as Data Catalog, Design Studio, etc.
References
SAML Authentication Configuration for REST Web Services
Invoking Web Services with SAML Authentication
SAML Configuration for Solution Manager SSO
Conformance Requirements for the OASIS Security Assertion Markup Language (SAML) V2.0