Reputation: 221
Differences between SAML/OpenSAML/Shibboleth and OAuth/OpenId
1) I don't concretely underdstand fundamental differences between SAML and OAuth. OAuth is for authorization but OpenId for authentication too and SAML both authorization and authentication ? And why to use a combination of both technologies ?
2) Inside SAML tehcno, what is the difference between shibboleth and OpenSAML ? I know OpenSAML has been developped by Shibboleth and is used for Shibboleth solution but why to not use it directly without Shibbloeht ? What does Shibboleth bring ?
Thank you,
Upvotes: 5
Views: 7627
Answers (1)
Reputation: 46700
They are two different protocols and you would never use them together.
SAML is older - not good for mobile - mainly for enterprise - XML tokens.
OpenId Connect is newer - good for mobile - JWT tokens.
OpenID Connect is a standard for how to use OAuth for authentication. OAuth is for authorisation.
SAML is a protocol definition - you can't use it as such - it's a document.
OpenSAML is an implementation of the SAML protocol.
Shibboleth is an identity provider that uses OpenSAML to deliver the SAML functionality.
Upvotes: 14
Related Questions
- openid or saml for single signon with service providers
- OpenID connect VS SAML flows
- what to choose from OPENID and SAML 2.0
- Question on OpenID Connect, Saml and OAuth
- What can SAML 2.0 do that OID connect can not?
- Advantage of OpenID connect over SAML
- What are the equivalent OpenID Connect and SAML actors/roles?
- Choosing the correct authentication protocol
- SAML 2.0 vs OpenID