SSO
Abbreviation for Single Sign-On: a mechanism that lets a user access multiple services after authenticating once. The service that provides this mechanism is called a single sign-on service.
SAML
Abbreviation for Security Assertion Markup Language. In the broad sense it is one of the mechanisms that make SSO possible: a standard for exchanging authentication information between different domains. In the narrow sense the XML documents exchanged under that standard are themselves called SAML. It is mainly used to implement single sign-on. The current version is SAML 2.0 (also written "SAML v2.0"), adopted as an OASIS standard in 2005.
IdP
Abbreviation for Identity Provider: the system that authenticates users and supplies their identification information and authentication results to other services. In YubiOn Portal SSO, the YubiOn Portal itself is the IdP.
SP
Abbreviation for Service Provider. In general use it means a company or organization that provides some kind of service; in the context of SSO and SAML it means the system that receives authentication results from an IdP and provides a service on that basis. In the YubiOn Portal it is also called an SSO application or App.
IdP-Initiated
One of the two ways of starting SSO: the user begins at the IdP, which sends the authentication result to the SP without the SP having requested it. In the YubiOn Portal this corresponds to logging in to a service by clicking its application icon on the SSO App login screen while the IdP-Initiated setting is "Enabled". Because the SP receives such a response unsolicited, it has no request of its own to tie it to, which is why some SPs do not accept IdP-Initiated logins.
SP-Initiated
One of the two ways of starting SSO: the SP sends the user to the IdP with an authentication request, and grants access according to the IdP's response. This corresponds to an operation such as "Log in with SSO" on each SP's login screen.
Entity ID
The identifier that uniquely identifies an IdP or an SP. The SAML standard recommends using a URL that contains the entity's own domain name. In the YubiOn Portal, the entity ID of the IdP is shown as "IdP entity ID" and the entity ID of an SP as "SP entity ID". Depending on the implementation, an IdP or SP may have one entity ID for the whole system or one entity ID per SSO linkage; the YubiOn Portal uses the latter. The values must match exactly on both sides: the SP compares the Issuer of the received assertion with the IdP entity ID and the Audience with its own SP entity ID.
Assertion
The part of a SAML message that carries the user's authentication information and attributes. It is the element the SP actually relies on, so it (or the response containing it) is normally signed by the IdP.
Attribute
Also called a "SAML attribute" by some SPs. Additional information about the user (name, affiliation, etc.) that the IdP sends to the SP, carried inside the assertion.
AuthnRequest
The authentication request that the SP sends to the IdP in an SP-Initiated SAML exchange.
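The SP-Initiated flow begins with this request. The following Python is an added example, not YubiOn Portal code: it builds a minimal AuthnRequest on the SP side, encodes it for the SAML HTTP-Redirect binding, and shows the check an IdP should make on receipt, namely that the request's AssertionConsumerServiceURL equals the ACS URL registered for that SP entity ID. The entity IDs and URLs are hypothetical values chosen for the example.

```python
import base64
import secrets
import urllib.parse
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS_SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Hypothetical identifiers for the example; not real YubiOn Portal values.
SP_ENTITY_ID = "https://sp.example.com/saml/sp"
SP_ACS_URL = "https://sp.example.com/saml/acs"        # the "SP Login URL" in YubiOn Portal terms
IDP_SSO_URL = "https://idp.example.com/saml/redirect"


def build_authn_request(sp_entity_id, acs_url):
    """SP side: build a minimal AuthnRequest. Returns (request ID, XML text).
    The ID is random and must be stored so the SAMLResponse's InResponseTo can be matched later.
    The inserted values come from SP configuration, never from user input (no XML escaping here)."""
    request_id = "_" + secrets.token_hex(16)  # an xs:ID must not start with a digit
    issue_instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml_text = (
        f'<samlp:AuthnRequest xmlns:samlp="{NS_SAMLP}" xmlns:saml="{NS_SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        f'AssertionConsumerServiceURL="{acs_url}">'
        f'<saml:Issuer>{sp_entity_id}</saml:Issuer>'
        f'</samlp:AuthnRequest>'
    )
    return request_id, xml_text


def encode_redirect_binding(xml_text):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15 selects raw deflate
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()


def decode_redirect_binding(saml_request_b64):
    """Inverse of encode_redirect_binding; what the IdP does with the SAMLRequest parameter."""
    return zlib.decompress(base64.b64decode(saml_request_b64), -15).decode()


def redirect_url(idp_sso_url, saml_request_b64, relay_state=None):
    """URL the SP redirects the browser to; urlencode percent-encodes the base64 '+' and '/'."""
    params = {"SAMLRequest": saml_request_b64}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return idp_sso_url + "?" + urllib.parse.urlencode(params)


def idp_check_authn_request(xml_text, registered_sps):
    """IdP side: accept the request only if the issuing SP entity ID is registered and the
    AssertionConsumerServiceURL, when present, equals that SP's registered ACS URL. Honouring
    an arbitrary ACS URL would let a crafted request have the user's assertion delivered to a
    server the attacker controls. Returns (error message or None, request info or None)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS_SAMLP}}}AuthnRequest":
        return "not an AuthnRequest", None
    issuer = root.findtext(f"{{{NS_SAML}}}Issuer")
    if issuer not in registered_sps:
        return f"unknown SP entity ID {issuer!r}", None
    acs = root.get("AssertionConsumerServiceURL")
    if acs is not None and acs != registered_sps[issuer]:
        return "AssertionConsumerServiceURL differs from the registered SP Login URL", None
    # With no ACS URL in the request the IdP uses the registered one; it never guesses.
    return None, {"id": root.get("ID"), "issuer": issuer, "acs_url": registered_sps[issuer]}
```

Calling `build_authn_request`, `encode_redirect_binding` and `redirect_url` in sequence produces the URL an SP's "Log in with SSO" button sends the browser to; `decode_redirect_binding` followed by `idp_check_authn_request` is the receiving side. The ACS URL comparison is the point of the example: the IdP's registry of SP entity ID to ACS URL, not the request, decides where the assertion goes.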
SAMLResponse
The authentication result the IdP sends to the SP. In an SP-Initiated exchange it is the response to an AuthnRequest; in an IdP-Initiated exchange it is sent to the SP without a preceding request. It contains the assertion.
ACS URL
Abbreviation for Assertion Consumer Service URL: the URL at which the SP receives the SAMLResponse. In the YubiOn Portal it is called "SP Login URL".
NameID
The identifier of the user in SAML. On the SP side it is usually presented as the user ID and often corresponds to the ID used for login.
Just-in-Time (JIT) Provisioning
When an SP is used with SSO, the user is not registered in the SP in advance but is created automatically the first time they log in through SSO. Whether this is available depends on the SSO implementation. The information needed to create the user is generally supplied by the attributes sent from the IdP.
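The entries for SAMLResponse, ACS URL, Entity ID, NameID and JIT provisioning above describe what the SP receives and what it has to match against its own configuration before it may trust the identity. The following Python is an added example, not YubiOn Portal code, of those SP-side checks. It assumes the XML signature has already been verified against the IdP certificate by a SAML library (signature verification and EncryptedAssertion are outside this example), and the entity IDs, URLs, sample Response and clock value are all constructed for the example.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Hypothetical SP configuration; the identifiers are example values, not YubiOn Portal's.
SP_CONFIG = {
    "idp_entity_id": "https://idp.example.com/saml/idp",  # must equal the assertion's saml:Issuer
    "sp_entity_id": "https://sp.example.com/saml/sp",     # must appear in saml:Audience
    "acs_url": "https://sp.example.com/saml/acs",         # must equal Destination and Recipient
    "allow_idp_initiated": True,                          # accept a Response with no InResponseTo
    "clock_skew": timedelta(seconds=60),
}


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_saml_response(response_b64, cfg, outstanding_request_ids, now):
    """Claim checks an SP must make before trusting NameID and attributes. Assumes the XML
    signature was ALREADY verified against the IdP certificate with a SAML library; signature
    handling and EncryptedAssertion are outside this example. Returns (errors, identity)."""
    errors = []
    root = ET.fromstring(base64.b64decode(response_b64))
    if root.tag != f"{{{NS['samlp']}}}Response":
        return ["not a samlp:Response"], None
    if root.get("Destination") != cfg["acs_url"]:
        errors.append("Destination is not our ACS URL")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        errors.append("status is not Success")
    in_response_to = root.get("InResponseTo")
    if in_response_to is None:  # IdP-Initiated: nothing of ours to tie this Response to
        if not cfg["allow_idp_initiated"]:
            errors.append("unsolicited Response while IdP-Initiated is disabled")
    elif in_response_to not in outstanding_request_ids:  # replayed or never requested
        errors.append("InResponseTo does not match an outstanding AuthnRequest")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # more than one assertion is the classic signature-wrapping signal
        return errors + [f"expected exactly one Assertion, got {len(assertions)}"], None
    a, skew = assertions[0], cfg["clock_skew"]
    if a.findtext("saml:Issuer", default="", namespaces=NS).strip() != cfg["idp_entity_id"]:
        errors.append("Assertion Issuer is not the configured IdP entity ID")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        errors.append("Assertion has no Conditions")
    else:
        if cond.get("NotBefore") and now + skew < _ts(cond.get("NotBefore")):
            errors.append("Assertion not yet valid")
        if cond.get("NotOnOrAfter") and now - skew >= _ts(cond.get("NotOnOrAfter")):
            errors.append("Assertion expired")
        audiences = [(e.text or "").strip() for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if cfg["sp_entity_id"] not in audiences:
            errors.append("Audience does not include our SP entity ID")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is not None and scd.get("Recipient") not in (None, cfg["acs_url"]):
        errors.append("Recipient is not our ACS URL")
    name_id = a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        errors.append("no NameID")
    attributes = {attr.get("Name"): [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
                  for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return (errors, None) if errors else ([], {"name_id": name_id, "attributes": attributes})


def jit_user_record(identity, required=("email", "displayName")):
    """Just-in-Time provisioning: derive the SP-side user from the attributes on first SSO login.
    Returns (record, missing attributes); refuses rather than creating a half-populated account."""
    missing = [n for n in required if not identity["attributes"].get(n)]
    if missing:
        return None, missing
    record = {"login_id": identity["name_id"], **{n: identity["attributes"][n][0] for n in required}}
    return record, []


# Constructed sample Response (unsigned for the example) and a fixed clock inside its validity window.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z"
 Destination="https://sp.example.com/saml/acs" InResponseTo="_req1">
 <saml:Issuer>https://idp.example.com/saml/idp</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/saml/idp</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://sp.example.com/saml/acs" InResponseTo="_req1"
     NotOnOrAfter="2024-01-01T12:05:00Z"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml/sp</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="displayName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()
NOW = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)
```

Running `validate_saml_response(SAMPLE_RESPONSE_B64, SP_CONFIG, {"_req1"}, NOW)` returns no errors and the identity `alice@example.com` with her two attributes; passing an empty set of outstanding request IDs (a replay), a clock after 12:05, or a configuration with a different SP entity ID each yields an error and no identity. `jit_user_record` then turns the attributes into the SP's user record and refuses when a required attribute is absent, which is the failure mode to handle when JIT provisioning is enabled.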