Difference between JWT and SAML2

Both SAML and JWT are security token formats that are not dependent on any programming language. SAML is the older format and is based on XML. It's used commonly in protocols like SAML-P, WS-Trust and WS-Federation (although not strictly required).

SAML 2.0

Security Assertion Markup Language (SAML) is a standard for logging users into applications based on their sessions in another context. SAML 2.0 creates a two-way agreement between two vendors asserting that the information provided is valid. It provides a standard framework for sharing this information, so you do not have to recreate the configuration for every vendor with which you want to share information.

By default, SSO is turned off. All authentication is explicitly done via username and password entry. You can now choose to enable SSO using SAML 2.0 by selecting "SAML 2.0" from the selection list:

JWT (JSON Web Token)

JSON Web Token (JWT, pronounced "jot") is an ID Token based on JSON that passes user information in a Header, Payload and Signature structure. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA. JWTs can be used for authentication and information exchange.
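The three-part structure and the HMAC signing described above, shown as an added example (not code from the original article or from any library): the token is built as base64url(header).base64url(payload).base64url(signature), and the verifier recomputes the HMAC-SHA256 over the first two parts before trusting the payload. The secret, the claims, the `create_jwt`/`verify_jwt` function names and the `token_with_replaced_payload` helper are constructed for this demonstration; only the token layout and the `HS256`, `alg`, `typ` and `exp` names come from the JWT/JWS specifications.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real deployment loads this from a secret store.
DEMO_SECRET = b"constructed-demo-secret-do-not-use"


def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, as JWTs use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the stripped padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _compact_json(obj: dict) -> bytes:
    # Compact, key-sorted JSON so the same claims always give the same bytes
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()


def create_jwt(payload: dict, secret: bytes) -> str:
    """Build header.payload.signature, signed with HMAC-SHA256 (HS256)."""
    header_b64 = b64url_encode(_compact_json({"alg": "HS256", "typ": "JWT"}))
    payload_b64 = b64url_encode(_compact_json(payload))
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(signature)}"


def verify_jwt(token: str, secret: bytes, now: float = None):
    """Return the payload dict if the token is valid, otherwise None.

    The verifier pins the algorithm it expects (HS256) rather than trusting
    whatever the token's own header claims, compares signatures in constant
    time, and rejects a token whose 'exp' claim is in the past.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, signature_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # e.g. "none" or an unexpected algorithm
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
        expected_sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, b64url_decode(signature_b64)):
            return None  # payload or header was altered, or wrong secret
        payload = json.loads(b64url_decode(payload_b64))
        if not isinstance(payload, dict):
            return None
        current = time.time() if now is None else now
        if "exp" in payload and current >= payload["exp"]:
            return None  # expired
        return payload
    except (ValueError, UnicodeDecodeError, TypeError):
        return None


def token_with_replaced_payload(token: str, new_payload: dict) -> str:
    """Test vector (constructed): same header and signature, different claims.

    Used only to show that verify_jwt rejects a payload the signature
    does not cover.
    """
    header_b64, _, signature_b64 = token.split(".")
    return f"{header_b64}.{b64url_encode(_compact_json(new_payload))}.{signature_b64}"


if __name__ == "__main__":
    token = create_jwt({"sub": "alice", "role": "user"}, DEMO_SECRET)
    print(token)
    print("valid:", verify_jwt(token, DEMO_SECRET))
    altered = token_with_replaced_payload(token, {"sub": "alice", "role": "admin"})
    print("altered payload accepted?", verify_jwt(altered, DEMO_SECRET) is not None)
```

The important defensive detail is in `verify_jwt`: it decides which algorithm is acceptable before looking at the token, so a header that says `"alg": "none"` or names some other algorithm is refused outright, and it checks the signature before it reads any claim from the payload.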

JWT (JSON Web Token) tokens are based on JSON and used in new authentication and authorization protocols like OpenID Connect and OAuth 2.0.

Note: Access Tokens (which aren't always JWTs) are used to inform an API that the bearer of the token has been authorized to access the API.

Example: Select JWT from the list as below:
