Security Assertion Markup Language (SAML) is an XML-based specification that defines how an identity provider (a SAML authority) and a service provider can exchange authentication and authorization data. It is developed and maintained by the Organization for the Advancement of Structured Information Standards (OASIS).

SAML is a network protocol. It stipulates that an identity provider must generate a SAML assertion containing information about an authenticated user. This SAML assertion is then transported over HTTP to a SAML service provider. A single SAML assertion can be used as an authentication token by many service providers across different security domains, enabling enterprises to implement cross-domain single sign-on (SSO).

SAML-based SSO benefits both, application users and enterprises. It enables users to access multiple applications without having to log in each time. Using an identity provider as a SAML authority enables enterprises to manage users, roles, and permissions from a central authentication and authorization repository.

PAS for OpenEdge supports SAML 2.0. You can configure PAS for OpenEdge web application can be configured to act as a SAML service provider, enabling an OpenEdge domain to participate in a cross-domain SAML SSO implementation.

PAS for OpenEdge automatically creates an ABL CLIENT-PRINCIPAL object from a valid SAML assertion. This assertion is used to authenticate the user across all parts of the ABL application, including its databases, thus implementing SSO all the way through the application.