This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
!! [OpenID Connect] vs. [SAML]
Choosing between [OpenID Connect] and [SAML] is not just a matter of using a newer protocol ([OIDC]) instead of the older, more mature protocol ([SAML]).
!! In most cases we recommend using [OIDC].
[SAML] tends to be a bit more verbose than [OIDC].
Beyond verbosity of exchanged data, if you compare the specifications you’ll find that [OIDC] was designed to work with the web while [SAML] was retrofitted to work on top of the web.
For example, [OIDC] is also more suited for [HTML5]/[JavaScript] applications because it is easier to implement on the client side than [SAML]. As tokens are in the [JSON] format, they are easier for [JavaScript] to consume. You will also find several nice features that make implementing security in your web applications easier.
For [example], check out the [iframe] trick that the specification uses to easily determine if a user is still logged in or not.
[SAML] has its uses, though. As the [OIDC] specifications evolve, they implement more and more features that [SAML] has had for years. What we often see is that people pick [SAML] over [OIDC] because of the perception that it is more mature and also because they already have existing applications that are secured with [SAML].
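
The iframe check mentioned above, as an added example (not part of the original page or of any OpenID Provider's code): the provider-side comparison from OpenID Connect Session Management, using the hash layout of the specification's non-normative sample, which a real provider may compute differently. The client ID, origins, browser-state values and function names are constructed for illustration.

```javascript
// Added example: OP-side logic behind the OpenID Connect Session Management
// check_session_iframe, runnable in Node.js. All names and values are constructed.
const { createHash, timingSafeEqual } = require('node:crypto');

// Constructed client registry: client_id -> origin allowed to query session state.
const REGISTERED_ORIGINS = { 'rp-demo-client': 'https://rp.example' };

// session_state = SHA-256(client_id + ' ' + origin + ' ' + browserState + ' ' + salt) + '.' + salt
function computeSessionState(clientId, origin, browserState, salt) {
  const digest = createHash('sha256')
    .update(`${clientId} ${origin} ${browserState} ${salt}`)
    .digest('hex');
  return `${digest}.${salt}`;
}

// What the OP iframe does when the RP iframe posts "client_id session_state".
// `origin` is the browser-supplied event.origin; `browserState` is the OP's
// current login-state cookie value, which changes on logout or re-login.
function checkSession(message, origin, browserState) {
  if (typeof message !== 'string') return 'error';
  const sep = message.lastIndexOf(' ');
  if (sep <= 0) return 'error';
  const clientId = message.slice(0, sep);
  const sessionState = message.slice(sep + 1);
  const dot = sessionState.lastIndexOf('.');
  if (dot <= 0 || dot === sessionState.length - 1) return 'error';
  // Refuse to answer pages that are not the registered origin for this client.
  if (REGISTERED_ORIGINS[clientId] !== origin) return 'error';
  const salt = sessionState.slice(dot + 1);
  const expected = Buffer.from(computeSessionState(clientId, origin, browserState, salt));
  const received = Buffer.from(sessionState);
  const same = expected.length === received.length && timingSafeEqual(expected, received);
  return same ? 'unchanged' : 'changed';
}

// Constructed walk-through: issue at login, poll, poll after logout, poll from another origin.
function demo() {
  const issued = computeSessionState('rp-demo-client', 'https://rp.example', 'opbs-login-1', 'c2FsdA');
  const msg = `rp-demo-client ${issued}`;
  return [
    checkSession(msg, 'https://rp.example', 'opbs-login-1'),    // still logged in
    checkSession(msg, 'https://rp.example', 'opbs-logged-out'), // browser state changed
    checkSession(msg, 'https://other.example', 'opbs-login-1'), // unregistered origin
  ];
}
console.log(demo());
```

On a "changed" reply the relying party re-authenticates with prompt=none to learn whether the user is still signed in at the provider.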
!! Comparison Table
A table comparing aspects of [{$pagename}] Certainly [WEB Single Sign-On].
%%zebra-table-cccccc
%%sortable
%%table-filter
||Description||[SAML V2.0]||[OAuth 2.0]||[OpenID Connect]
|Initiating user’s login session|YES|NO|YES
|Collecting user [consent]|NO|YES|YES
|[Identity Tokens]|YES|NO|YES [JWT]
|Distributed and aggregated claims|NO|NO|YES
|Dynamic introduction|NO|NO|YES
|[Session] [timeout]|NO|NO|YES
/%
/%
/%
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]