SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP).
SAML requesters and responders communicate by exchanging messages. The mechanism to transport these messages is called a SAML binding. Talend Data Catalog supports HTTP redirect and HTTP POST SAML bindings.
You can always login using the administrator rescue login URL: http://<host>:<port>/MM/Auth?nativeLogin, where <port> is the HTTP port that Talend Data Catalog responds to.
Here is an example of the SAML authentication workflow, where Talend Data Catalog is the service provider:
- You try to login to Talend Data Catalog using a browser.
- Talend Data Catalog generates a SAML authentication request, signs and sends it directly to the identity provider using the HTTP-Redirect binding.
- Talend Data Catalog redirects the browser to the identity provider for authentication.
- The identity provider verifies the received SAML authentication request and if valid, presents a login page to enter your username and password.
- The identity provider generates a SAML Assertion (also known as a SAML Token) once you have successfully logged in. It sends it directly to a Talend Data Catalog assertion consumer service, such as Talend Data Catalog Authentication Servlet, using the HTTP-POST Binding.
- The identity provider redirects you back to Talend Data Catalog once the assertion is successfully parsed and validated.
- Talend Data Catalog verifies the SAML assertion, extracts your identity from it, assigns the correct permissions and logs you in to the service.