In a single sign-on system there are two roles: Service Providers and Identity Providers (IP). The important characteristic of a single sign-on system is the pre-defined trust relationship between the service providers and the identity providers. Service providers trust the assertions issued by the identity providers, and the identity providers issue assertions based on the results of authentication and authorization of principals that access services on the service provider's side.

The following are some of the advantages you can have with SSO:

...

The message MUST contain an element which uniquely identifies the service provider who created the message. Optionally the message may contain elements such as , etc. More information regarding the message can be found in SAML Core Specification. The message MUST contain , , , , elements. The message MUST be integrity protected. More information regarding the message can be found in SAML Core Specification.

The following diagram illustrates the scenario:

...