Reputation: 1243
I know that both the federation protocols can be used to manage user identities. Basically for Gmail based login, I want to know the benefits of using OpenID Connect over SAML.
OpenID Connect is simpler and JSON/REST based compared to SAML. Apart from this, is there any benefit of using OpenID Connect for Gmail based authentication?
Upvotes: 0
Views: 892
Reputation: 4809
It depends on what you call "GMail based login".
1- If you mean "let my users read their mails on GMail using their credentials maintained in my internal organization", OIDC and SAML will do the same. This is simply not the same protocol. So, depending on your internal directory (Active Directory, NetIQ eDirectory, OpenLDAP, /etc/passwd, etc.), it may be easier to use one of these protocols.
2- But if you mean "connect to GMail with my application, on behalf of my users", only OIDC will let you do that, because of the underlying OAuth 2.0 mechanism.
OIDC means authentication and authorization; SAML only means authentication.
Upvotes: 1
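The second case in the answer above, as an added example that is not part of the original posts: one OIDC authorization request carries both the identity scopes (which yield an ID token) and a Gmail API scope (which yields an access token for delegated access). The function names are illustrative; the endpoint and the `gmail.readonly` scope are Google's published values, and the client ID and redirect URI are supplied by the caller.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"  # Google's authorization endpoint
GMAIL_READONLY = "https://www.googleapis.com/auth/gmail.readonly"  # delegated Gmail API scope
IDENTITY_SCOPES = ("openid", "email", "profile")  # OIDC scopes: who the user is


def build_auth_request(client_id, redirect_uri, api_scopes=()):
    """Build an authorization-code request; return (url, values to keep in the session)."""
    session = {
        "state": secrets.token_urlsafe(16),          # binds the callback to this browser session
        "nonce": secrets.token_urlsafe(16),          # must come back inside the ID token
        "code_verifier": secrets.token_urlsafe(48),  # PKCE secret, sent only at token exchange
    }
    digest = hashlib.sha256(session["code_verifier"].encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(["openid", "email", *api_scopes]),
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return AUTH_ENDPOINT + "?" + urlencode(params), session


def classify_scopes(scope_string):
    """Split a space-separated scope string into (identity, api) lists."""
    scopes = scope_string.split()
    identity = [s for s in scopes if s in IDENTITY_SCOPES]
    api = [s for s in scopes if s not in IDENTITY_SCOPES]
    return identity, api


def check_callback(callback_url, session):
    """Return the authorization code, or raise if state is missing or wrong."""
    query = parse_qs(urlparse(callback_url).query)
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), session["state"].encode()):
        raise ValueError("state mismatch: reject the callback")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]
```

Requesting only the identity scopes gives a login-only flow; adding an API scope is what asks the user to consent to access on their behalf.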
Reputation: 46700
Historically, SAML and WS-Fed were used for enterprise connections and are browser based.
OIDC is for mobile and can be used via ADAL for native devices, i.e. non-browser based, e.g. desktop applications.
Upvotes: 0