This documentation is for WSO2 Identity Server 5.3.0.

  1. The Principal: This is typically the user who tries to access a protected resource or service of a service provider entity.
  2. The Identity Provider: The SAML authority that provides the identity assertion to authenticate a principal. An Identity Provider (IdP) is responsible for authenticating users and issuing assertions, which include authentication/authorization decisions and user attributes.
  3. The Service Provider: The SAML consumer that provides services for principals. A Service Provider (SP) consumes the assertions issued by the Identity Provider and provides services to the principals.

The main use case covered by SAML is the Principal (the user) requesting access to a resource or service from the Service Provider. The Service Provider then uses SAML to communicate with the Identity Provider and obtain an identity assertion. The Service Provider makes the access control decision based on this assertion.