---
title: "SAML Authentication"
type: concept
tags:
- SAML
- Authentication
- SSO
- Security
- Identity
sources:
- public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee
last_updated: 2026-05-11
---

## SAML Authentication

SAML (Security Assertion Markup Language) is an XML-based open standard authentication protocol used to exchange authentication and authorization data between an identity provider (IdP) and a service provider (SP). [[AppStream-2]] in [[AWS-End-User-Computing]] supports SAML-based authentication.

## How It Works in AWS EUC Context

Typical SAML authentication flow in AWS EUC:

1. The user initiates a login request to the enterprise IdP (e.g. Azure AD / Microsoft Entra ID)
2. The IdP verifies the user's identity and generates a SAML assertion
3. The assertion is forwarded to the AWS service (AppStream 2.0 or WorkSpaces)
4. AWS grants access based on the assertion

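The SP-side checks behind step 4, as an added example that is not part of this note or of AWS's own implementation: it parses a constructed sample assertion with the Python standard library and checks the issuer, the presence of a signature, the validity window and the audience restriction. The issuer and audience URIs are placeholders, and checking that a `ds:Signature` element exists is not cryptographic verification, which an XML-DSig library must do separately.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample assertion; issuer, audience and signature value are placeholders.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_placeholder" IssueInstant="2024-04-30T16:00:00Z">
  <saml:Issuer>https://idp.example.com/placeholder</saml:Issuer>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-04-30T16:00:00Z" NotOnOrAfter="2024-04-30T16:05:00Z">
    <saml:AudienceRestriction><saml:Audience>urn:example:sp-placeholder</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-04-30T16:05:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, expected_issuer, expected_audience, now):
    """Return the names of failed checks; an empty list means the assertion is acceptable."""
    root = ET.fromstring(xml_text)
    failures = []
    # 1. The assertion must come from the IdP this SP trusts.
    if root.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        failures.append("issuer")
    # 2. A Signature element must be present (cryptographic verification is a separate step).
    if root.find("ds:Signature", NS) is None:
        failures.append("unsigned")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        failures.append("no-conditions")
        return failures
    # 3. Reject assertions outside their validity window (NotOnOrAfter is exclusive).
    if now < _ts(cond.get("NotBefore")) or now >= _ts(cond.get("NotOnOrAfter")):
        failures.append("expired")
    # 4. The assertion must be addressed to this SP, not one issued for another service.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        failures.append("audience")
    return failures
```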
## Benefits

| Benefit | Description |
|------|------|
| **Enhanced security** | Centralized identity management with MFA support |
| **Simplified user experience** | Single sign-on (SSO); no need to remember a separate password for each service |
| **Compliance** | Centralized auditing of user access |

## Connections

- [[AppStream-2]] ← uses ← [[SAML-Authentication]]
- [[AWS-End-User-Computing]] ← supports ← [[SAML-Authentication]]
- [[Active-Directory-Integration]] ← often_used_with ← [[SAML-Authentication]]

## Sources

- [[public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee]]