Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SAML 2.0 vs OpenID

Tags:

authentication

openid

saml

saml-2.0

Given that SAML 2.0 supports the "federation" concept, and given that well-know players like Google use SAML, can someone explain why some other services (e.g., stackoverflow) use OpenID? Is that just a historical reason?

like image 674
chen Avatar asked Oct 18 '12 18:10

chen

People also ask

Is OpenID better than SAML?

If your organization uses an API-centered architecture, OIDC will provide a better experience for users of native and single-page applications. OIDC is lightweight and more performance-friendly than SAML. For large enterprises that require a higher level of security, SAML might be the better choice.

What is difference between SAML and OAuth and OpenID?

Security Assertion Markup Language (SAML) is an open standard that attempts to bridge the divide between authentication and authorization. OAuth is an open authorization standard. OpenID Connect is an authentication standard that runs on top of OAuth 2.0.

What is difference between OAuth2 and SAML?

Primarily, SAML 2.0 is designed to authenticate a user, so providing user identity data to a service. OAuth 2.0 is designed as an authorization protocol permitting a user to share access to specific resources with a service provider.

2 Answers

First I should say Google is a SAML provider and as well as an OpenID Provider.

In case of stackoverflow, if they are willing use SAML 2.0 for SSO, then they need to couple stackoverflow with Google or any other SAML Provider in advance. And when stackoverflow has coupled to many SAML providers, when a user tried to login, stackoverlow needs a mechanism to figure out to which identity provider it should redirect the user for authentication. (you may use SAML 2.0 Profiles, section 4.3 Identity Provider Discovery Profile). But anyways this is going to be a painful implementation.

But with OpenID, it has its own discovery profile, stackoverflow doesn't have to know the Identity Provider in advance, no direct coupling. So they are using the correct protocol.

like image 144
SureshAtt Avatar answered Sep 27 '22 22:09

SureshAtt

As far as my knowledge:

OpenID allows a web (stackoverflow) to use identity from various OpenID providers (and there is no sharing identity on this)

SAML (/w federation) allows an Identity to be shared in various service providers/web(s)

like image 29
yudis Avatar answered Sep 27 '22 23:09

yudis
Sign in to Comment

Related questions

Telegram bot API is the chat_id unique for each user contacting the bot?
Authentication Required for everything I do in Ubuntu 19.10
When should I override the configure(AuthenticationManagerBuilder auth) from Spring Security in a Spring Boot app?
Skip SignIn page with next-auth.js to go directly to provider
WCF, Security and Certificates
Does JBoss cache authentication information?
Switching authentication approaches at runtime with Spring Security?
Spring Security RememberMe Services with Session Cookie
Is it possible to enable HTTP basic authentication in Internet Explorer?
SQL CREATE TABLE Error
Is Spring the right choice for me?
Django development server smart card authentication
Should a failed login attempt result in a http 401 response
Programmatically add roles after authentication
Authentication with public keys and cx_Oracle using Python
Using Devise/Cancan/Rolify together
How to authenticate username/password using PAM w/o root privileges
FormsAuthentication.SignOut() does not work
Apply authentication in etherpad lite
Restful API call using IOS with authentication

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!