History: SAML

            !  {icon name="users"} SAML

!! Overview
((Tiki17)) and later can be a SAML Service Provider (SP), thanks to the integration of [https://github.com/onelogin/php-saml|OneLogin's SAML PHP Toolkit].

Up to ((Tiki23)), it requires installation via ((Packages)). Starting in ((Tiki24)), it is built-in.

When setting up Tiki as a SAML Service Provider, you would need to provide to the IdP the URLs for assertion consumer service, and single logout service (if used). These are : http<your site baseurl>/tiki-login.php?saml_acs and http<your site baseurl>/tiki-login.php?saml_sls respectively.

~tc~ Preference documentation generated from https://sourceforge.net/p/tikiwiki/code/HEAD/tree/trunk/lib/prefs/ ~/tc~
~tc~ To update documentation see https://dev.tiki.org/How-to-get-commit-access ~/tc~
{PREFDOC(tab="login-saml2")/}

{QUOTE(replyto="Wikipedia" source_url="https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language")}Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. 

The single most important requirement that SAML addresses is web browser single sign-on (SSO). Single sign-on is common at the intranet level (using cookies, for example) but extending it beyond the intranet has been problematic and has led to the proliferation of non-interoperable proprietary technologies. (Another more recent approach to addressing the browser SSO problem is the OpenID Connect protocol.){QUOTE}

!! Related links
* See also ((Tiki as a SAML IDP))
* https://en.wikipedia.org/wiki/Identity_provider
* https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language