
What is SAML?

    • IDPs and SPs
    • SP trusts the identity provided by IDP
    • Example
      • Norwegian gov - IDP
      • Pension app - SP
    • delivers Cross Domain SSO

Flow

    • User hits SP1
    • SP1 redirects to IDP (Authn Req)
    • IDP authenticates user
    • IDP provides an assertion
    • SP1 can use claims in assertion
    • User hits SP2
    • redirected to IDP
    • authentication already done so assertion provided to SP2

IDP Proxy allows chaining of IDPs
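
The SP-initiated flow above, simulated end to end as an added example (not code from the original notes): one IdP, two SPs, and the checks an SP has to pass before it trusts an assertion (signature, audience, InResponseTo, expiry). An HMAC over the assertion fields stands in for the real XML signature, and the entity IDs, user and key are constructed.

```python
import hmac, hashlib, secrets, time
# Constructed stand-in for SAML trust: the SP holds the IdP's verification key
# (real SAML: X.509 cert + XML-DSig; HMAC is assumed here so it runs offline).
IDP_KEY = b"constructed-idp-signing-key"
def sign(fields):
    msg = "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return hmac.new(IDP_KEY, msg, hashlib.sha256).hexdigest()
class IdP:
    def __init__(self):
        self.sessions = set()  # users with a live IdP-side SSO session
    def authenticate(self, user, password):
        if password == "correct-horse":  # constructed credential check
            self.sessions.add(user)
        return user in self.sessions
    def assertion(self, user, authn_req):
        if user not in self.sessions:  # SP2 case: session exists, no re-login
            raise PermissionError("no IdP session; authenticate first")
        f = {"subject": user, "audience": authn_req["issuer"],
             "in_response_to": authn_req["id"],
             "not_on_or_after": int(time.time()) + 300}
        f["signature"] = sign(f)
        return f
class SP:
    def __init__(self, entity_id):
        self.entity_id, self.pending = entity_id, set()
    def authn_request(self):
        req = {"id": secrets.token_hex(8), "issuer": self.entity_id}
        self.pending.add(req["id"])  # remember the request we issued
        return req
    def consume(self, a):
        body = {k: v for k, v in a.items() if k != "signature"}
        if not hmac.compare_digest(sign(body), a["signature"]):
            raise ValueError("bad signature")
        if a["audience"] != self.entity_id:
            raise ValueError("assertion meant for another SP")
        if a["in_response_to"] not in self.pending:
            raise ValueError("unsolicited or replayed assertion")
        if a["not_on_or_after"] <= time.time():
            raise ValueError("expired assertion")
        self.pending.discard(a["in_response_to"])  # one use per request
        return a["subject"]

def sso_demo():
    idp, sp1, sp2 = IdP(), SP("pension-app"), SP("tax-app")
    req1 = sp1.authn_request()  # user hits SP1, is redirected to the IdP
    idp.authenticate("alice", "correct-horse")
    user1 = sp1.consume(idp.assertion("alice", req1))
    req2 = sp2.authn_request()  # user hits SP2: IdP session already exists
    user2 = sp2.consume(idp.assertion("alice", req2))
    return user1, user2
```

`sso_demo()` returns `("alice", "alice")`; the second SP never saw a password, which is the cross-domain SSO the notes describe.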

OAuth2 - is about authorization

    • 3 types of token involved
      • Access Token
      • Refresh Token
      • Authz Code
    • Different flows and grant types
      • Authz code grant
      • password grant
      • client credentials grant
      • SAML2 bearer

OIDC - provides authentication layer on top of OAuth2

    • provides identity and authentication

Timeline

    • SAML - old
    • OAuth2 - young
    • OIDC - youngest