A. Client, Service Provider, Identity Provider (IdP), Token
In a Security Assertion Markup Language (SAML) based federation system, the typical components are:
Client: The user or system that requests access to a service.
Service Provider (SP): The system that provides the service the client wants to access. It relies on the identity provider to authenticate users.
Identity Provider (IdP): The system that authenticates the user and provides the service provider with a token (assertion) that indicates that the user is who they say they are.
Token (SAML Assertion): A package of information that includes the user's identity, authentication status, and potentially other attributes. It's created by the identity provider and consumed by the service provider.
The other options mix up concepts from different authentication and authorization protocols, like OAuth 2.0 (which involves an authorization server, resource server, and grants) and OpenID Connect (which involves an identity provider and claims).
The IdP can send three types of XML messages known as assertions:
Authentication Assertion (tokens): This provides proof that the user agent provided the proper credentials, identifies the identification method, and identifies the time the user agent logged on.
Authorization Assertion: This indicates whether the user agent is authorized to access the requested service. If the message indicates access is denied, it indicates why.
Attribute Assertion: Attributes can be any information about the user agent.
The SAML 2.0 specification utilizes three entities: the principal, the service provider, and the identity provider. For example, imagine Sally is accessing her investment account at ucanbeamillionaire.com. The site requires her to log on to access her account, and the site uses SAML.
Principal or User Agent: For simplicity, think of Sally as the principal. She's trying to access her investment account at ucanbeamillionaire.com.
Service Provider (SP): In this scenario, the ucanbeamillionaire.com site is providing the service and is the service provider.
Identity Provider (IdP): This is a third party that holds the user authentication and authorization information.
A. (Client, Service Provider, Identity Provider (IdP), Token) is the correct combination of components for a Security Assertion Markup Language (SAML) based federation system.
CISSP 9th Edition, page 691: "The IdP sends three types of XML messages known as assertions:"
Authentication Assertion
Authorization Assertion
Attribute Assertion
D is correct.
Common components of a Security Assertion Markup Language (SAML) based federation system include: Client, Service Provider, Identity Provider (IdP), and Assertion (or SAML token).
• Client: the entity that wants to access a resource
• Service Provider (SP): the entity that controls access to the resource the client is trying to access
• Identity Provider (IdP): the entity that authenticates the client and generates the SAML assertion or token
• Assertion (or SAML token): the security token that contains the client's authentication information, attributes and authorizations.
Option D mentions "Resource Server" and "Assertion," which, again, are terms more commonly associated with OAuth 2.0.
So, option A is the correct choice for components in a SAML-based federation system.
upvoted 1 times