I need a better understanding of the relationship between SAML and API integrations.
Our company has two major needs :
(1) single sign-on (user 'Bob' will login into 'ACME.com' and then click a link to automatically enter our site without login again)
(2) transfer of information - one of our tools will send an XML string to company X, they will run a program and return an XML string to us with additional information. Currently this is done through a web service (API). Not sure how to better secure this? Does SAML come into play here?
I see how SAML will be used for (1) the single sign-on. But is SAML used for, or needed for an API when passing XML strings? We currently use SOAP or just XML.
Please let me understand how SAML, SOAP and web services all play together.
If I were to approach a new company with the idea of creating a web service to communicate, would they ask me to use SAML?