
Security Assertion Markup Language (SAML) is an XML-based format for exchanging authentication and authorization data between an identity provider and a service provider.

Checkmarx’s Static Application Security Test (CxSAST) has just become SAML 2.0 aware and can now be configured to act as a SAML 2.0 Service Provider. SAML supports the user lifecycle by retrieving users from the Corporate Identity Provider (IdP) and defining them in CxSAST. This allows for more centralized and enhanced user management.  

  1. The user makes a request to the Service Provider (e.g. CxSAST) for a specific resource.
  2. The Service Provider detects that authentication is required and redirects the Web Browser to the Identity Provider (e.g. Okta).
  3. The Web Browser accesses the Identity Provider and the user is checked for authentication.
  4. Once the user is authenticated, the Identity Provider sends a response back to the Web Browser.
  5. The Web Browser then sends an authentication token to the Service Provider.
  6. The Service Provider processes the assertion and the user is automatically logged in.



