SSO: SAML vs OAUTH vs OIDC
- Published on 3 Mar 2022
- What is the right Authentication Protocol for your Business Case? Which authentication protocol would you choose? In this video we will take you through the business cases of SAML, OAuth and OIDC (OpenID Connect).
- Science & Technology
Still don't really get the difference.
I'm late to the party, but for anyone stumbling onto this from Google:
With SAML, you know who is talking. It's an ID card. With OAuth, you know the person is allowed inside. It is a car key. OIDC is built on OAuth, so it is a key, but this key includes identity so you also know who is talking. I guess we'll call it a work access/key badge.
If the key fits in the car, you can start it. No idea if it's you, your wife, or a car thief - the car starts. An ID card explains who the person featured on the card is, what they look like, etc.
OAuth can also provide authentication. It is called the "Authorization Code Flow" which, like the SAML example you gave, involves the user's browser being redirected to a credential-collecting page, etcetera, etcetera.
To me this video about SAML was eye opening. That is what I was looking for and your diagram explained SAML very properly.
Thanks. Liked and Subscribed
Thank you
Where was OIDC in it?
The slides didn't add a lot of value to the discussion. Especially for OAuth. They could be improved by either splitting them into more slides or adding animations. This would help the viewer to follow along with the flow. This is pretty important as the flow of operations and message exchanges are the most helpful things to understand here. As it stands, I don't feel like this video has helped me. But I also came here to compare SAML and OIDC, and unfortunately the video didn't cover OIDC.
SAML is an Authentication/Authorization protocol. OAuth2/OIDC should ALWAYS be in the same sentence.
Probably, but they are two different protocols that complement each other.
OAuth2 is an authorization delegation protocol that people started to abuse by using it for authentication use cases. Due to this, a spec on top of OAuth2 was created so that it can be better suited for authentication purposes in a standard way, and that was called OIDC. OAuth2 can go perfectly alone as long as it is used the way it was intended, for authorization-only use cases; and for authentication use cases we use OIDC (which is just a small extension on top of OAuth2).
Thank you for sharing your knowledge
Thank you
Please correct the typos...
well explained
Thanks
There was no explanation of OIDC
So what is OIDC?
OIDC is built upon OAuth2. OAuth2 brings the authorization part of the equation, OIDC brings the authentication part of the equation, but people don't treat, so you can say OIDC = OAuth2 + Authentication. Literally, if you look at how OAuth alone works and how OIDC (stands for OpenID Connect) works, the process is like 97% similar, with some minor additional variables here and there that are specific to OIDC. Basically it appears that SAML was made for Authentication/Authorization, while OAuth was built for Authorization, but people started using OAuth for authentication, which led to the creation of OIDC, which is basically an upgraded version of OAuth that is more secure and allows for authentication.
@mubaraksalley2727 great breakdown
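The difference this comment describes, as an added example (not part of the comment or the video): a client that receives an OAuth-only token response learns nothing about who logged in, while an OIDC response carries an ID token whose signature and `iss`, `aud`, `exp` and `nonce` claims the client must check before trusting `sub`. The issuer, client id, secret and helper names are constructed for illustration, and HS256 keyed with the client secret is assumed so the code needs only the standard library.

```python
import base64, hashlib, hmac, json

# Constructed values for illustration (not from the video or any real provider).
ISSUER, CLIENT_ID, SECRET = "https://idp.example", "demo-client", b"demo-client-secret"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_id_token(claims: dict, secret: bytes = SECRET) -> str:
    """Stand-in for the provider: sign the claims as an HS256 JWT."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify_id_token(token: str, nonce: str, now: float) -> dict:
    """Client side: check the signature, then iss, aud, exp and nonce."""
    try:
        head, body, sig = token.split(".")
        header, claims = (json.loads(b64url_decode(p)) for p in (head, body))
        given = b64url_decode(sig)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never accept "none" or a surprise alg
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    checks = {
        "iss": claims.get("iss") == ISSUER,
        "aud": CLIENT_ID in (aud if isinstance(aud, list) else [aud]),
        "exp": isinstance(claims.get("exp"), (int, float)) and claims["exp"] > now,
        "nonce": claims.get("nonce") == nonce,  # ties the token to this login request
    }
    failed = [name for name, ok in checks.items() if not ok]
    if failed:
        raise ValueError("claim check failed: " + ", ".join(failed))
    return claims

def authenticated_subject(token_response: dict, nonce: str, now: float):
    """Return the verified user id, or None when the response is OAuth-only."""
    if "id_token" not in token_response:
        return None  # an access token says what is allowed, not who logged in
    return verify_id_token(token_response["id_token"], nonce, now)["sub"]
```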
The Auth in OAuth stands for Authorisation
Exactly... this is the whole puzzle
Informative thanks
My pleasure
After watching this I found the following video about OAuth and OIDC. It does a much better job at exposing the whole flow with clean animations and clear narration. It does not cover SAML though. But OAuth and OIDC are very well explained there: th-cam.com/video/t18YB3xDfXI/w-d-xo.html
The OAuth tokens can be encrypted, in multiple ways too.... Not only that you will find that OIDC is the base layer, it is authentication, OAuth is for Authorization which is a layer on top of OIDC, then SAML is another layer on top of that which federates platforms together.
It doesn't explain why OAuth and OIDC could be used over SAML. Better to give examples from real life to explain where each (SAML, OAuth, OIDC) could be used.
Thanks for the feedback
Please make this video in English
Maybe get your ears checked
@MA-dm4xy He needs to check and treat his ears, brain, and narcissistic ego