SSO Glossary

This section summarizes the general terms and YubiOn Portal’s terms related to SSO technology.

General terms

SSO: Abbreviation for Single Sign-On. It refers to a mechanism that enables the use of multiple services with a single authentication. A service that provides this mechanism is called a single sign-on service.
SAML: Abbreviation for Security Assertion Markup Language. In a broad sense, it is one of the mechanisms that make SSO possible and refers to a standard for authentication between different domains. In a narrower sense, the XML messages exchanged under the standard are themselves also referred to as SAML. It is mainly used to implement single sign-on. The current version of the standard is “SAML v2.0” (SAML 2.0), established in 2005.
IdP: Abbreviation for Identity Provider. It refers to a system that provides user identification information and authentication results to various services. In the case of YubiOn Portal SSO, the YubiOn Portal itself is the IdP.
SP: Abbreviation for Service Provider. In general, it refers to a company or organization that provides some kind of service, but in SSO and SAML terminology it refers to a system that receives authentication results from an IdP and provides a service. In the YubiOn Portal, an SP is also referred to as an SSO application or App.
IdP-Initiated: One of the ways of starting SSO; it refers to starting use of an SP by performing an operation on the IdP side. In the case of the YubiOn Portal, it corresponds to logging in to a service by clicking its application icon on the SSO App login screen while the IdP-Initiated setting is “Enabled”.
SP-Initiated: One of the ways of starting SSO; it refers to the method in which the SP requests authentication from the IdP and the user begins using the SP according to the IdP’s response. This corresponds to operations such as “Log in with SSO” on each SP’s login screen.
Entity ID: The ID that uniquely identifies an IdP or SP. The SAML standard recommends a URL format that includes the domain name. In the YubiOn Portal, the entity ID of an IdP is denoted “IdP entity ID” and the entity ID of an SP is denoted “SP entity ID”. Depending on the implementation of the IdP or SP, some have one entity ID for the entire system and some have one entity ID per SSO linkage in the system; the YubiOn Portal uses the latter format.
Assertion: The part of a SAML message that describes the user’s authentication information and attributes.
Attribute: Also called a “SAML attribute” by some SPs. This refers to additional information about the user (e.g., name, affiliation) sent from the IdP to the SP.
AuthnRequest: The authentication request data sent from the SP to the IdP in an SP-Initiated SAML exchange.
SAMLResponse: The authentication result data returned by the IdP to the SP in response to an AuthnRequest, or sent by the IdP to the SP unsolicited in an IdP-Initiated flow.
ACS URL: Abbreviation for Assertion Consumer Service URL. The URL at which the SP receives the SAMLResponse. In the YubiOn Portal, it is called the “SP Login URL”.
NameID: The identifier of the user in SAML. On the SP side it is often described as the user ID and usually corresponds to the ID used for login.
Just-in-Time (JIT) Provisioning: A method in which the user is not registered with the SP beforehand but is instead registered when the user first logs in via SSO. Availability depends on the SP’s SSO implementation. Generally, the information required for user registration is supplied by the attributes sent from the IdP.
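As an added example that is not part of the YubiOn Portal documentation, the Python below ties the terms above together: it parses a constructed SAMLResponse and performs the checks an SP’s Assertion Consumer Service should make (Destination against the ACS URL, InResponseTo against the AuthnRequest it sent, Issuer against the IdP entity ID, Audience against the SP entity ID, and the validity window) before extracting the NameID and attributes. All URLs, IDs and values are placeholders, and XML signature verification is left out.

```python
# Added example, not code from the YubiOn Portal documentation: validate a constructed
# SAMLResponse at the SP's ACS. XML-Signature verification is omitted; a real SP must do it first.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample; every URL, ID and value is a placeholder (validity window kept wide on purpose).
SAML_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" InResponseTo="_req1"
  Destination="https://sp.example.test/saml/acs">
  <saml:Issuer>https://idp.example.test/sso/app-1</saml:Issuer>
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2020-01-01T00:00:00Z" NotOnOrAfter="2099-01-01T00:00:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.test/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="displayName">
        <saml:AttributeValue>Alice Example</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def consume_response(xml, idp_entity_id, sp_entity_id, acs_url, request_id, now=None):
    """Check a SAMLResponse the way an ACS should; return (NameID, attributes) or raise."""
    now = now or datetime.now(timezone.utc)
    resp = ET.fromstring(xml)
    if resp.get("Destination") != acs_url:  # the response must be meant for this ACS URL
        raise ValueError("Destination does not match this ACS URL")
    # SP-Initiated: InResponseTo must name the AuthnRequest this SP actually sent.
    if resp.get("InResponseTo") != request_id:
        raise ValueError("InResponseTo does not match an outstanding AuthnRequest")
    if resp.findtext("saml:Issuer", namespaces=NS) != idp_entity_id:
        raise ValueError("Issuer is not the configured IdP entity ID")
    assertion = resp.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS)
    ts = lambda s: datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if not ts(cond.get("NotBefore")) <= now < ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion is outside its validity window")
    if sp_entity_id not in [a.text for a in cond.iterfind(".//saml:Audience", NS)]:
        raise ValueError("assertion is not addressed to this SP entity ID")
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in assertion.iterfind(".//saml:Attribute", NS)}
    return name_id, attrs
```

Only after these checks (and signature verification) should the NameID be mapped to a local account or used for JIT provisioning.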

YubiOn Portal’s terms

Template attributes: The attributes required by the SP that are set automatically when an SSO App is created from a template. There is no difference in the actual SAML communication between template attributes and custom attributes.
Custom attributes: Attributes other than template attributes that the administrator responsible for SSO settings can configure freely. There is no difference in the actual SAML communication between template attributes and custom attributes.
Member properties: The individual values set for each member in order to supply the user ID and attributes. They define which member properties exist for the customer as a whole and what value each of those properties holds for each member.