Final answer:
In SAML implementations with IdPs, like those in Splunk Cloud, credentials are indeed exchanged through a browser session, and digitally signed XML certificates are used from an IdP. The limitation to a single IdP might vary with different implementations.
Step-by-step explanation:
The questions are regarding Security Assertion Markup Language (SAML) used with Identity Providers (IdP) and its implementation in Splunk Cloud services. Here are the truths about the statements:
- Credentials are exchanged through a browser session: This is true as SAML is a standard used to exchange authentication and authorization data between parties, notably between an IdP and a service provider, and this often happens through the user's browser.
- Currently limited to a single identity provider: This statement may vary based on the implementation and version in use. Historically, some services were limited to a single IdP for SAML integration, but many services now support multiple IdPs.
- Uses digitally signed XML certificates from an IdP: This is true, as SAML relies on digitally signed XML documents to ensure the integrity and authenticity of the communication between the IdP and the service provider.
It is important to stay updated with the current capabilities of Splunk Cloud as technology and services can evolve to support more features over time, such as multiple identity providers.