Authenticating with SAML

Authenticating with SAML

The SAML (Security Assertion Markup Language) adapter provides Single Sign On (SSO) and Single Log Off (SLO) in your deployment. SAML works by using Identity Providers (IdP) and Service Providers (SP):

Identity Provider: A trusted system that provides single sign-on for users to access other websites.

Service Provider: A website that hosts applications and grants access only to identified users with proper credentials.

Liferay DXP instances can serve as either Service Provider (SP) or Identity Provider (IdP).


A single Liferay DXP instance is either the SP or the IdP in your SSO setup; it can’t be both. You can, however, use separate instances for both purposes (for example, one instance is the SP and another is the IdP).

You can jump right to configuring SAML or learn how it works: