In this video, learn the differences between Security Assertion Markup Language (SAML 2.0) and OIDC, which is built on the OAuth 2.0 framework. Read the full post: jumpcloud.com/...
Learn more about SSO with JumpCloud: jumpcloud.com/...
Try JumpCloud for free: jumpcloud.com/...
Resources and social media:
-Blog: jumpcloud.com/...
-Community: community.jump...
-Facebook: / jumpcloud.daas
-Twitter: / jumpcloud
-LinkedIn: / jumpcloud
#jumpcloud #sso #singlesignon #oauth2 #saml
Transcript:
OpenID Connect and SAML are both used for single sign-on or SSO, and the sign-in process is similar. However, there are distinct technical differences to assess before you begin your project. SAML allows an identity provider or IDP to securely federate identity for authentication and authorization into web apps. SAML can be more difficult for service providers or SPs to implement, and some even charge for it. It requires XML schema to transmit user information. That aspect can be very granular for managing access, control, and permissions, but it also adds some complexity. That's where OpenID comes in. It can be simpler for SPs to implement because it's lightweight and high performance. It's only focused on authentication. That makes it a popular choice for managing sign-in flows and assertions for mobile applications.
SAML is a widely used mature SSO protocol. Passwords aren't sent over the wire or stored with SPs. It signs users in with one set of credentials, but also can authorize access to resources between the IDP and the SP. XML documents transmit assertions about the user, who they are, and how that information was issued. Web browsers help to make this happen and SAML is always going to be used for websites. OpenID is based on the OAUTH 2.0 standard and works a bit differently. Users are redirected from the relying party, RP, to the OpenID provider, OP, as opposed to IDPs and SPs. There are direct calls between the RP and OP using REST and JSON message flows that are accessible using APIs.
ID tokens transmit information, or claims, about the user versus it being contained in SAML's XML documents. Claims are OpenID's equivalent to SAML assertions. The difference in how identity information is released between the protocols means that OpenID can be used for both websites and applications. Both SAML and OpenID are authentication protocols, and it's not a binary choice. They can be used in combination with other authentication standards depending on the use case. For example, a subject matter expert within the healthcare industry would use SAML for secure application portal access, but a mobile app would benefit from the efficiencies of OpenID. The choice comes down to your technical requirements, what applications your organization is using, and the resources that are available to implement SSO.
JumpCloud offers both SAML and OpenID configurations for SSO implementation, as well as pre-built and custom connectors. Learn more at the link in the description below.