
Protocols

Proxy IdP supports two protocols for connecting a service - SAML2 and OpenID Connect.

SAML2

Security Assertion Markup Language 2.0 is a version of the SAML standard for exchanging authorization data between the identity provider and the service provider. SAML is an XML-based protocol. Two major roles play a part in the SAML protocol: the Identity Provider (IdP), which retains authoritative information about users, authenticates them and passes on information about them, and the Service Provider (SP), which provides a service to users, delegates user authentication to an IdP and consumes the user data the IdP provides. Both of these entities have to publish a file containing metadata describing them, and an exchange of this metadata between the entities is needed for the connection to work.

OpenID Connect

OpenID Connect (OIDC) is an extension of the OAuth2 authorization protocol. It specifies an authentication procedure and describes a standardized API for obtaining user information. In terms of applications, OIDC is similar to SAML2, but:

  • the counterpart of the SAML SP is called the Relying Party (RP)
  • the counterpart of the SAML IdP is called the OpenID Provider (OP)
  • no metadata exchange between IdP and SP is required
  • the user chooses which personal data to make accessible to the application
  • applications are not limited to being web-based (they can be mobile, desktop, command-line or SmartTV applications)

For more information about the OpenID Connect protocol please look at our presentation.

SAML2 vs OIDC

                                  SAML2               OIDC
Application type                  Web application     Web and native application
Format                            XML                 JSON
Set-up difficulty                 Hard to implement   Easy to implement and use
Can it invalidate access tokens?  No                  Yes
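As an added example (not code from the original page or from Proxy IdP), the following Python reads the two self-descriptions the protocols rely on, a SAML2 IdP metadata document (XML) and an OIDC discovery document (JSON), extracts the equivalent connection details and runs the checks a service operator would want before trusting either: an https login endpoint and a published signing key. Both inputs are constructed samples; the entity identifiers and endpoints are placeholders.

```python
# Added example (not from the page): equivalent details from SAML2 IdP metadata (XML) and OIDC discovery (JSON).
import json
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed, minimal SAML2 IdP metadata (the certificate value is a placeholder).
SAML_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIB...PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://idp.example.org/idp/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed OIDC discovery document, the JSON an OP publishes about itself.
OIDC_DISCOVERY = json.dumps({
    "issuer": "https://op.example.org",
    "authorization_endpoint": "https://op.example.org/authorize",
    "userinfo_endpoint": "https://op.example.org/userinfo",
    "revocation_endpoint": "https://op.example.org/revoke",
    "jwks_uri": "https://op.example.org/jwks",
})

def parse_saml_idp(xml_text):
    """Identifier, login endpoint and signing-key presence; SAML has no revocation endpoint."""
    root = ET.fromstring(xml_text)
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    cert = root.find("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {"id": root.get("entityID"),
            "login": None if sso is None else sso.get("Location"),
            "has_signing_key": cert is not None and bool((cert.text or "").strip()),
            "can_revoke": False}

def parse_oidc_op(json_text):
    """Same fields from discovery JSON; jwks_uri is where the OP's signing keys are fetched."""
    doc = json.loads(json_text)
    return {"id": doc.get("issuer"), "login": doc.get("authorization_endpoint"),
            "has_signing_key": bool(doc.get("jwks_uri")),
            "can_revoke": "revocation_endpoint" in doc}

def check(info):
    """Problems to fix before trusting the entity; an empty list means it looks usable."""
    tests = [((info["login"] or "").startswith("https://"), "login endpoint missing or not https"),
             (info["has_signing_key"], "no signing key published, so assertions/tokens cannot be verified")]
    return [msg for ok, msg in tests if not ok]
```

The `can_revoke` field mirrors the last table row: only the OIDC side advertises an endpoint for invalidating issued tokens.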
Last modified: 2020/12/09 15:00