
Single Sign On

In a Salesforce context.

The idea is to click a link to a different service and not be asked to log in again. You've already logged in somewhere trusted (Salesforce in this context), and that original login must vouch for you to the second site. The trust set up between the two sites is what makes single sign on possible. So what's the vocabulary?

Certificate

Acts like a digital passport. The second service checks the certificate, and the signature it lets it verify, to gain confidence that the site vouching for you is who it claims to be; that confidence is called assurance. You can generate a self-signed certificate in Salesforce, but many companies require a certificate signed by a third party, a trusted Certificate Authority (CA). The CA's own certificate is in turn signed by an authority higher up the food chain, forming a trust chain from the root authority down to the CA that signed yours.

Private/Public Keys

If it were an apartment key or a dorm room key, then you'd have 2 keys. One key could only lock the door; it's public. You don't care where it is left or how many copies exist; it can only lock the door. The other is private. It unlocks the door. Don't let it out of your sight. That picture is the encryption direction. Single sign on uses the keys the other way round, for signing: the private key creates the signature on what the identity provider sends, and the public key, which ships inside the certificate, lets the other site verify that signature. Either way the rule is the same: hand the public key out freely, and never let the private key leave the site that owns it.

Files in a Certificate

crt : short for certificate. This is the certificate itself: the public key, the identity it belongs to, and the signature of whoever issued it. It holds no private key; that lives in a separate key file that never leaves your side.

csr : a Certificate Signing Request, what's sent to the CA. It carries your public key and identity and is signed with your private key so the CA can check you hold it; the CA returns the signed certificate.

Issuer URL

That's going to be you, the side doing the vouching. It is the identifier (in Salesforce, a URL for your org) placed in the Issuer element of every assertion, and it tells the other end of the connection who's knocking on the door. The receiving side compares it with the issuer it was configured to trust and rejects anything else.

Identity provider (IdP)

The site you already logged in to, Salesforce in this context. It authenticates you and then vouches for you to the second service by sending a signed assertion.

Service provider (SP)

The second site, the one you are clicking through to. It never sees your password; it trusts the IdP's assertion, checked against the IdP's certificate, and logs you in.

SAML assertion

Security Assertion Markup Language (SAML) is the protocol. A protocol is just an agreed upon recipe for how the two sites communicate. If the certificate is the digital passport, then the SAML assertion is the boarding pass: a short XML document from the identity provider saying who you are, which service it is for, and how long it is good for, signed with the private key so the service provider can verify it against the certificate and then accept or reject it.
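The pieces above, as an added example that is not part of the original page and not Salesforce's own tooling: the IdP's key pair, CSR and certificate built with openssl (the Private/Public Keys and Files in a Certificate sections), then a constructed assertion that the IdP signs with its private key and the SP verifies with the public key taken from the .crt, checking Issuer, Audience and expiry before accepting it. A detached openssl signature over the whole file stands in for SAML's XML signature, sed stands in for an XML parser, and every host name, file name and assertion value is an assumption made up for the example.

```shell
#!/bin/sh
# Added example (not from the page): IdP key pair, CSR and self-signed cert,
# then an assertion signed by the IdP and checked by the SP. Detached signature
# stands in for XMLDSig; sed stands in for an XML parser; names are constructed.

WORK="${WORK:-$(mktemp -d)}"

# Private/public keys and the files: the .key stays with the IdP, the .csr is
# what a CA would be sent (public key plus identity, never the private key),
# and the .crt is the resulting certificate. Self-signed here instead of a CA.
make_idp_cert() {
    openssl genrsa -out "$WORK/idp.key" 2048 2>/dev/null
    openssl req -new -key "$WORK/idp.key" -subj "/CN=idp.example.com" \
        -out "$WORK/idp.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/idp.csr" -signkey "$WORK/idp.key" \
        -days 365 -out "$WORK/idp.crt" 2>/dev/null
    # The SP only ever receives this public half, normally inside IdP metadata.
    openssl x509 -in "$WORK/idp.crt" -pubkey -noout > "$WORK/idp.pub"
}

# The check to run when an SSO setup reports a bad signature: the public key
# inside the .crt must be the one that belongs to the .key doing the signing.
cert_matches_key() {
    [ "$(openssl pkey -in "$WORK/idp.key" -pubout 2>/dev/null)" = \
      "$(cat "$WORK/idp.pub")" ]
}

# A minimal constructed assertion: who vouches (Issuer), for whom (NameID),
# to whom (Audience) and until when (NotOnOrAfter, UTC).
make_assertion() {  # issuer subject audience not_on_or_after
    cat > "$WORK/assertion.xml" <<EOF
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c1">
  <saml:Issuer>$1</saml:Issuer>
  <saml:Subject><saml:NameID>$2</saml:NameID></saml:Subject>
  <saml:Conditions NotOnOrAfter="$4">
    <saml:AudienceRestriction><saml:Audience>$3</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
EOF
}

# IdP side: the private key makes the signature (signing, not encryption).
idp_sign() {
    openssl dgst -sha256 -sign "$WORK/idp.key" \
        -out "$WORK/assertion.sig" "$WORK/assertion.xml"
}

xml_text() {  # file tag -> text content of the first <saml:tag> element
    sed -n "s#.*<saml:$2>\([^<]*\)</saml:$2>.*#\1#p" "$1" | head -n 1
}

# SP side: accept only if the signature verifies under the pinned public key,
# the Issuer is the IdP we configured, the Audience is us, and it is not expired.
sp_accept() {  # expected_issuer expected_audience [assertion_file]
    f="${3:-$WORK/assertion.xml}"
    openssl dgst -sha256 -verify "$WORK/idp.pub" -signature "$WORK/assertion.sig" \
        "$f" >/dev/null 2>&1 || { echo "reject: bad signature"; return 1; }
    [ "$(xml_text "$f" Issuer)" = "$1" ] || { echo "reject: unexpected issuer"; return 1; }
    [ "$(xml_text "$f" Audience)" = "$2" ] || { echo "reject: not for us"; return 1; }
    exp_at=$(sed -n 's/.*NotOnOrAfter="\([^"]*\)".*/\1/p' "$f")
    now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    # Fixed-width UTC timestamps compare correctly as strings.
    awk -v now="$now" -v exp_at="$exp_at" 'BEGIN { exit !(now < exp_at) }' \
        || { echo "reject: expired"; return 1; }
    echo "accept: $(xml_text "$f" NameID) vouched for by $1"
}

# Changing the user after signing must be caught: the signature covers the bytes.
tamper_is_rejected() {
    sed 's#<saml:NameID>[^<]*#<saml:NameID>mallory@example.com#' \
        "$WORK/assertion.xml" > "$WORK/tampered.xml"
    ! sp_accept https://idp.example.com https://sp.example.com "$WORK/tampered.xml"
}

demo() {
    make_idp_cert
    cert_matches_key && echo "certificate matches private key"
    make_assertion https://idp.example.com alice@example.com \
        https://sp.example.com 2099-01-01T00:00:00Z
    idp_sign
    sp_accept https://idp.example.com https://sp.example.com || true
    sp_accept https://other-idp.example.com https://sp.example.com || true
    tamper_is_rejected && echo "tampered assertion rejected"
}
demo
```

Run it with any OpenSSL 1.1 or 3.x; the first sp_accept call prints "accept", the second is refused because the Issuer is not the configured IdP, and the tampered copy is refused because the signature no longer matches the bytes. A real SP additionally parses the XML properly, validates the XML signature rather than a detached one, checks NotBefore and the assertion ID against replay, and pins the certificate from the IdP's metadata.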