Infrastructure Achievements
SAML (Authentication)

An authentication and authorization protocol that powers single-sign-on and identity management
UAEU in transitions from Traditional Authentication to SAML 2.0. UAEU using F5 Networks that implements Application Delivery controller and SAML (Security Assertion Markup Language). It consists of three functional parts:
- The identity provider (IdP): This component is associated with UAEU identity and access management resources and is used to manage user authentication session and supply attributes bound to the user to service providers (SP) for authorization.
- The service provider (SP): This component is attached to the Web Service (SaaS or Server).
- The browser: the client is usually a web browser although SAML does support.
F5 APM IdPs and SPs (SaaS application, ServiceNow, Cornerstone, etc.) securely exchange authentication, authorization, and configuration information with one another via an XML metadata file. IdPs and SPs listed in the metadata file typically form a federation. A federation is mainly a trust relationship; for example, membership in the confederation extends access to default user attribute information that uses for authorization checking — security of messaging between IdP and SPs mainly handled by applying cryptography at various levels. SAML messages are digitally signed and encrypted.
At the UAEU, there are the federations in service:
- UAEU web SSO federation (known as the F5 APM reverse proxy): this consists of the production IdP service run by DoIT Security Team and SPs run by DoIT application team and Cloud service provider (ServiceNow, Cornerstone, Blackboard and OCLC Library system).
- live@office365 federation: Federation service between the UAEU and Microsoft to provide access to the CloudMail, Office365, one-drive, etc.
UAEU Single Sign-On Federation
To install, configure and operate a SAML 2.0 service provider, consult the DoIT Security and Application team.
SAML 2.0 (Security Assertion Markup Language) technology is an XML-based protocol and OASIS standard used to exchange authentication and authorization information securely in a variety of environments. It’s being deployed at the UAEU to provide web SSO services.
