Modern Large Applications

Security Assertion Markup Language (SAML)

SAML Tutorial: How SAML Authentication Works - SAML 2.0 SSO Flow Diagram

Security Assertion Markup Language (SAML) is a standard for logging users into applications based on their sessions in another context. This single sign-on (SSO) login standard has significant advantages over logging in using a username/password:

  • No need to type in credentials

  • No need to remember and renew passwords

  • No weak passwords

Most organizations already know the identity of users because they are logged in to their Active Directory domain or intranet. It makes sense to use this information to log users in to other applications, such as web-based applications, and one of the more elegant ways of doing this is by using SAML.

SAML is very powerful and flexible, but the specification can be quite a handful. OneLogin’s open-source SAML toolkits can help you integrate SAML in hours, instead of months. We’ve come up with a simple setup that will work for most applications.

5 Steps to Add Modern Authentication to Legacy Apps Using JWTs


  • traditional cookie-based authentication
  • traditional session-based authentication
  • token-based authentication
  • save the JWT as a Cookie


  • use jQuery to make the AJAX calls
  • how to protect your RESTful API with JWT


1) Traditional Web Applications

What's different between Sessions & Cookies?

2) Modern Web Applications

How to use cookies to handle JWTs?