Reputation: 4510
SAML 2.0 vs OpenID
Given that SAML 2.0 supports the "federation" concept, and given that well-know players like Google use SAML, can someone explain why some other services (e.g., stackoverflow) use OpenID? Is that just a historical reason?
Upvotes: 6
Views: 1878
Answers (2)
Reputation: 49
As far as my knowledge:
OpenID allows a web (stackoverflow) to use identity from various OpenID providers (and there is no sharing identity on this)
SAML (/w federation) allows an Identity to be shared in various service providers/web(s)
Upvotes: 1
Reputation: 1951
First I should say Google is a SAML provider and as well as an OpenID Provider.
In case of stackoverflow, if they are willing use SAML 2.0 for SSO, then they need to couple stackoverflow with Google or any other SAML Provider in advance. And when stackoverflow has coupled to many SAML providers, when a user tried to login, stackoverlow needs a mechanism to figure out to which identity provider it should redirect the user for authentication. (you may use SAML 2.0 Profiles, section 4.3 Identity Provider Discovery Profile). But anyways this is going to be a painful implementation.
But with OpenID, it has its own discovery profile, stackoverflow doesn't have to know the Identity Provider in advance, no direct coupling. So they are using the correct protocol.
Upvotes: 7
Related Questions
- OpenID connect VS SAML flows
- what to choose from OPENID and SAML 2.0
- Question on OpenID Connect, Saml and OAuth
- Which SSO strategy is more secure SAML 2.0 or OpenId Connect?
- Is SAML an Authentication mechansim?
- What can SAML 2.0 do that OID connect can not?
- Differences between SAML/OpenSAML/Shibboleth and OAuth/OpenId
- Advantage of OpenID connect over SAML
- SAML 2.0 password authentication
- Choosing the correct authentication protocol