SAML vs OAuth vs OpenID

Yogitha KYogitha K
2 min read

SAML

SAML simplifies the implementation of federated authentication and authorization, which involves multiple service providers across multiple organizations and security domains using a single identity provider. An example of federated identification is single sign-on (SSO)

We have integrated our multiple applications like AWS , jenkins, AWS vpn connection using OKTA

SAML is used mostly in enterprises. Many organizations use it for logging in users to internal networks. Once you’ve logged on, you don’t need to enter your credentials to access applications within the network.

OAuth2.0

OAuth is an open standard for authorization that grants secure delegated access to applications, devices, application programming interfaces (APIs) and servers via access tokens. OAuth authorizes an application to access your data without giving it access to your credentials.

You might have used OAuth when you let an application, say Trello, access your Gmail contacts. In this situation, you are the user, Trello is the consumer and Gmail is the service provider. Gmail provides the tokens that allow Trello to access your contacts.

Prior to OAuth, HTTP basic authentication was the most commonly used form of gaining access to systems, requiring only the use of a username and password. SSO came about when SAML became popular, but the problem with SAML is that it isn’t particularly suitable for single-page applications and modern web applications that make background HTTP calls to APIs .Also, SAML isn’t ideal for mobile phones, smart TVs and the Internet of Things. OAuth, with its use of JSON packets and API calls, is ideal for the modern web.

while OpenID Connect handles the authentication aspect (providing an ID token with user information), OAuth 2.0 is still used in conjunction with OpenID Connect to obtain access tokens that are used to access resources on behalf of the user (e.g., accessing Google services).OAuth 2.0 is still used in conjunction with OpenID Connect to obtain access tokens that are used to access resources on behalf of the user (e.g., accessing Google services).

OpenIDConnect

Based on the OpenID decentralized authentication protocol, OpenID Connect provides an authentication layer atop OAuth 2.0. It addresses the lack of an authentication mechanism in OAuth, which is a weakness when it comes to authorizing sensitive transactions such as payments.

In the case of OpenID Connect, you’ve likely used it if you’ve authenticated your account in another application using Facebook or some other application. You sign in to Facebook, which is the identity provider, to access the third-party application (e.g., Spotify). You might have logged on to Facebook but your credentials are stored safely within Facebook, safe from any potential threat in case Spotify gets hacked.

0
Subscribe to my newsletter

Read articles from Yogitha K directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Yogitha K
Yogitha K