Authenticating with SAML
The SAML (Security Assertion Markup Language) adapter provides Single Sign On (SSO) and Single Log Off (SLO) in your deployment. SAML works by using Identity Providers (IdP) and Service Providers (SP):
Identity Provider: A trusted system that provides single sign-on for users to access other websites.
Service Provider: A website that hosts applications and grants access only to identified users with proper credentials.
Liferay DXP instances can serve as either Service Provider (SP) or Identity Provider (IdP).
A single Liferay DXP instance is either the SP or the IdP in your SSO setup; it can’t be both. You can, however, use separate instances for both purposes (for example, one instance is the SP and another is the IdP).
You can jump right to configuring SAML or learn how it works:
- SAML Authentication Process Overview
- Configuring SAML at the System Level
- SAML Admin
- Importing User Groups’ Memberships from an External IdP Through SAML
- Configuring SAML at the Instance Level
- SAML Configuration Reference