Federated vs. Delegated, OAuth vs OpenID Connect vs SAML

I am trying to understand the differences between Federated Authentication and Delegated Authentication, but I am getting more and more confused.

  1. Do we ALWAYS use the SAML protocol for Federated Authentication? Or what?

  2. Is it possible to use OpenID Connect (or OAuth) for both authentication methods?

  3. Do we need to have a trusted connection between two domains to be able to have Delegated or Federated authentication?

  4. Do we always use SAML for Partners and OpenID Connect (or OAuth) for Customers?

  5. I will be grateful if somebody explains the different steps for these two authentication methods between two domains (Partners and Enterprise).

user217648 asked Oct 24 '17 12:10


People also ask

What is the difference between SAML and OAuth and OpenID?

The primary difference between SAML, OAuth and OpenID Connect is that OAuth is an authorization framework: it controls access to protected resources such as APIs or files, and says nothing by itself about who the user is. OpenID Connect and SAML, on the other hand, are industry standards for federated authentication.

Is OpenID Connect better than SAML?

OpenID Connect is much simpler to implement than SAML: it is built on OAuth 2.0 and exchanges JSON tokens over RESTful HTTPS endpoints rather than signed XML. This also means it works much better with native and mobile applications.

What is the difference between SAML and OpenID Connect?

In SAML, the user is redirected from the Service Provider (SP) to the Identity Provider (IdP) to sign in, and comes back with a signed XML assertion. In OpenID Connect, the user is redirected from the Relying Party (RP) to the OpenID Provider (OP) to sign in, and comes back with an ID token (a signed JWT). SAML's Web Browser SSO profile assumes the SP is a website; OpenID Connect also covers native and mobile apps.

Is SAML the same as OpenID?

No. OpenID Connect carries identity claims (who the user is) and does not by itself carry authorization data such as permissions; it focuses on identity assertion. SAML is an identity data exchange format and is very feature-rich. SAML uses signed XML assertions, whereas OpenID Connect issues ID tokens (JWTs) and OAuth issues access tokens.


1 Answer

A difference between the two methods is:

A delegated solution means that one site is simply outsourcing its authentication needs to another pre-selected site. If your site uses Facebook Connect, you are delegating your authentication facilities to Facebook. Visitors to your site cannot use any other accounts, only accounts from the vendors you have pre-selected.

A federated solution means that visitors to your site can use any account they have, as long as it is compatible. It makes no difference to the site which account is being used, as long as it can interoperate. At its core, OpenID is a federated solution because its most important feature is the ability to use any OpenID account with any OpenID-enabled service.

Source

Now to your questions:

  1. Not only SAML but OpenID Connect, OAuth2 or even other protocols can be used as well.
  2. Yes. Just note that a delegated solution is less secure.
Albert answered Oct 18 '22 21:10
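The answer's distinction (delegated = one pre-selected provider; federated = any compatible account whose provider the site has a trust relationship with) is easiest to see in the relying party's two decisions: which identity provider to send the login to, and whether to accept the ID token that comes back. The following is an added toy model, not code from the answer or from any real OpenID Connect library. It assumes HS256-signed ID tokens (real providers normally use RS256/ES256 with published JWKS keys), a made-up enterprise client `enterprise-app`, made-up issuers `https://idp.example` and `https://partner.example`, and picks the issuer from the account's e-mail domain as a stand-in for OpenID Connect issuer discovery.

```python
"""Delegated vs federated login at a relying party (RP), as a constructed model.

Everything here is made up for illustration: HS256 instead of RS256/ES256,
fake issuers, fake shared keys, and e-mail-domain lookup in place of discovery.
"""
import base64
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(issuer: str, key: bytes, subject: str, audience: str, now: int, ttl: int = 300) -> str:
    """What an identity provider hands back after the user signs in there (JWS compact form)."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "sub": subject, "aud": audience, "iat": now, "exp": now + ttl}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class RelyingParty:
    """mode='delegated': every login goes to the single pre-selected provider.
    mode='federated': the provider is chosen from the account, and any provider
    in the trust registry is acceptable."""

    def __init__(self, client_id: str, mode: str, trusted: dict):
        self.client_id = client_id
        self.mode = mode
        self.trusted = trusted  # issuer URL -> key shared with that issuer (hypothetical trust registry)

    def issuer_for(self, account: str) -> str:
        """Decision 1: where is this user sent to sign in?"""
        if self.mode == "delegated":
            if len(self.trusted) != 1:
                raise ValueError("a delegated RP has exactly one pre-selected provider")
            return next(iter(self.trusted))
        domain = account.rsplit("@", 1)[-1]  # stands in for WebFinger / issuer discovery
        issuer = f"https://{domain}"
        if issuer not in self.trusted:
            raise ValueError(f"no trust relationship with {issuer}")
        return issuer

    def verify_id_token(self, token: str, expected_issuer: str, now: int) -> dict:
        """Decision 2: is the token that came back acceptable for this login?"""
        try:
            h_b64, c_b64, s_b64 = token.split(".")
            header = json.loads(_b64url_decode(h_b64))
            claims = json.loads(_b64url_decode(c_b64))
        except (ValueError, json.JSONDecodeError) as exc:
            raise ValueError("malformed token") from exc
        if header.get("alg") != "HS256":          # never let the token pick the algorithm (rejects alg=none)
            raise ValueError("unexpected alg")
        if expected_issuer not in self.trusted or claims.get("iss") != expected_issuer:
            raise ValueError("token is not from the issuer this login was sent to")
        expected_sig = hmac.new(self.trusted[expected_issuer], f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, _b64url_decode(s_b64)):
            raise ValueError("bad signature")
        if claims.get("aud") != self.client_id:  # token minted for some other client must not log in here
            raise ValueError("audience mismatch")
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            raise ValueError("token expired")
        return claims


def rejected(rp: RelyingParty, token: str, issuer: str, now: int) -> bool:
    """True if the RP refuses the token (used to show the negative cases)."""
    try:
        rp.verify_id_token(token, issuer, now)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    keys = {"https://idp.example": b"k-idp", "https://partner.example": b"k-partner"}
    now = int(time.time())
    delegated = RelyingParty("enterprise-app", "delegated", {"https://idp.example": keys["https://idp.example"]})
    federated = RelyingParty("enterprise-app", "federated", dict(keys))
    iss = federated.issuer_for("alice@partner.example")
    tok = mint_id_token(iss, keys[iss], "alice", "enterprise-app", now)
    print("delegated sends everyone to:", delegated.issuer_for("alice@partner.example"))
    print("federated accepts partner token for:", federated.verify_id_token(tok, iss, now)["sub"])
    print("delegated rejects partner token:", rejected(delegated, tok, iss, now))
```

The point the model makes for question 3: both styles need a trust relationship (a key the RP can verify the provider's signatures with, plus an agreed client identifier); the difference is whether that relationship exists with one pre-selected provider or with a registry of partner providers selected per login. The issuer check ties the returned token to the provider the login was sent to, so a token from one trusted partner cannot be replayed as if it came from another.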