Proxy IdP supports two protocols for connecting a service - SAML2 and OpenID Connect.
Security Assertion Markup Language 2.0 is a version of the SAML standard for exchanging authorization data between the identity provider and the service provider. SAML is an XML-based protocol. Two major roles play a part in the SAML protocol - Identity Provider(IdP - Retains authoritative information about users, authenticates users and passes on information about users.) and Service Provider(SP - Provides a service offered to be used by users. SP delegates user authentication to an IdP and consumes user data provided by the IdP). Both of these entities have to have a published file containing metadata describing them. En exhcange of the metadata between the entities is needed to provide functionality.
OpenID Connect (OIDC) is an extension of the OAuth2 authorization protocol. It specifies authentication procedure and describes standardized API for obtaining user information. In terms of applications, OIDC is similar to SAML2, but:
For more information about the OpenID Connect protocol please look at our presentation.
SAML2 | OIDC | |
---|---|---|
Application type | Web application | Web and native application |
Format | XML | JSON |
Set-up difficulty | Hard to implement | Easy to implement and use |
Can invalidate an access tokens? | No | Yes |