What is recommended for our scenario: OpenID + self-provider or SAML?

Here is our situation:

  • We have a main portal developed in ASP.Net 4.0.
  • There are several other web portals in our organization that would like to use our portal for authentication and single sign-on. These portals can be on any platform: PHP, classic ASP, JSP, etc.
  • And there are a few more external portals for which we also need SSO. These external portals are well known in advance, and they are in a closed environment: this means that they would prefer not to accept login attempts using random OpenID authentication.

I looked through various articles, both on Stack Overflow and elsewhere, for example, What is the difference between OpenID and SAML?, but I couldn't conclude which of the above is the best option.

All tips will be highly appreciated :)

1 answer

Let me highlight one important difference between OpenID and SAML. In OpenID, a service provider is not associated with an identity provider: the service provider does not know which identity provider it is dealing with until an OpenID identifier is presented. In SAML, by contrast, the service provider is associated with the identity provider; there is a predetermined trust between them.

Thus, when considering your case, the best solution is to use SAML. SAML will allow users in your organization to log on to portals within the organization. An external portal can trust your organization's identity provider and allow your organization's users to access it. Or, if these external portals already have their own identity providers, you can establish trust between the external identity providers and your organization's identity provider using SAML (for example, a passive STS) and allow users of your organization to log on to these external portals.

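What the "predetermined trust" in the answer looks like on the service-provider side, as an added example that is not part of the original post or answer: the SP is provisioned out of band with the entity ID and signing key of each identity provider it trusts, and it rejects an assertion from any other issuer before looking at the subject at all, which is exactly why a closed environment of known portals can refuse "random" providers. The entity IDs, keys and timestamps are constructed sample values, and HMAC-SHA256 over the raw assertion bytes stands in for the XML-DSig signature a real IdP produces (verifying that needs an RSA and XML-canonicalisation library outside the standard library); the check order and the audience/validity-window logic are what a real SP does.

```python
"""Closed-trust SAML SP checks: only pre-registered IdPs are accepted.

Added example, not code from the original post. Assumption: HMAC-SHA256 over the
assertion bytes stands in for XML-DSig; the trust store normally comes from the
IdP's SAML metadata exchanged at onboarding time, never discovered at login time.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Hypothetical values: this SP's own entity ID and its static trust store.
SP_ENTITY_ID = "https://portal.example.com/sp"
TRUSTED_IDP = "https://idp.example.org/metadata"
TRUSTED_IDPS = {TRUSTED_IDP: b"idp-example-org-signing-key"}  # stand-in for the IdP's signing certificate

# Fixed "current time" so the validity-window check is reproducible.
DEMO_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)


def sign(assertion_xml: bytes, key: bytes) -> str:
    """Stand-in for the IdP's XML signature over the assertion."""
    return hmac.new(key, assertion_xml, hashlib.sha256).hexdigest()


def build_assertion(issuer, name_id, audience, not_before, not_on_or_after) -> bytes:
    """Minimal constructed SAML 2.0 assertion (sample data, not a real IdP response)."""
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}" Version="2.0" ID="_demo">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">'
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
        f"</saml:AudienceRestriction></saml:Conditions></saml:Assertion>"
    ).encode()


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def verify_assertion(assertion_xml: bytes, signature: str, now: datetime):
    """Return (True, subject) if the SP may trust the assertion, else (False, reason).

    Order matters: issuer must be in the trust store first, then the signature is
    checked under that issuer's pinned key, then audience, then the time window.
    """
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext(f"{{{SAML_NS}}}Issuer")
    if issuer not in TRUSTED_IDPS:
        return False, f"untrusted issuer {issuer!r}"
    if not hmac.compare_digest(sign(assertion_xml, TRUSTED_IDPS[issuer]), signature):
        return False, "bad signature"
    if root.findtext(f".//{{{SAML_NS}}}Audience") != SP_ENTITY_ID:
        return False, "audience mismatch"
    cond = root.find(f"{{{SAML_NS}}}Conditions")
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return False, "outside validity window"
    return True, root.findtext(f".//{{{SAML_NS}}}NameID")


def demo() -> dict:
    """Run the five cases a closed-trust SP must get right and return the verdicts."""
    key = TRUSTED_IDPS[TRUSTED_IDP]
    nb, na = "2024-01-01T11:55:00Z", "2024-01-01T12:05:00Z"
    results = {}
    # 1. Assertion from the registered IdP, signed with its pinned key: accepted.
    a = build_assertion(TRUSTED_IDP, "alice@example.org", SP_ENTITY_ID, nb, na)
    results["trusted"] = verify_assertion(a, sign(a, key), DEMO_NOW)
    # 2. Self-consistently signed assertion from a provider nobody registered
    #    (the "random OpenID provider" case): rejected on issuer alone.
    rogue_key = b"rogue-provider-key"
    b = build_assertion("https://random-idp.example.net", "alice", SP_ENTITY_ID, nb, na)
    results["unknown_issuer"] = verify_assertion(b, sign(b, rogue_key), DEMO_NOW)
    # 3. Issuer field claims the trusted IdP but the signature is not under its key.
    c = build_assertion(TRUSTED_IDP, "mallory", SP_ENTITY_ID, nb, na)
    results["forged"] = verify_assertion(c, sign(c, rogue_key), DEMO_NOW)
    # 4. Genuine assertion from the trusted IdP, but issued for a different portal.
    d = build_assertion(TRUSTED_IDP, "alice@example.org", "https://other-portal.example/sp", nb, na)
    results["wrong_audience"] = verify_assertion(d, sign(d, key), DEMO_NOW)
    # 5. Genuine assertion whose validity window has already passed (replay).
    e = build_assertion(TRUSTED_IDP, "alice@example.org", SP_ENTITY_ID,
                        "2024-01-01T10:00:00Z", "2024-01-01T10:05:00Z")
    results["expired"] = verify_assertion(e, sign(e, key), DEMO_NOW)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15s} -> {verdict}")
```

Case 2 is the point of the answer: with SAML the external portal never has to decide at login time whether to believe a provider it has never heard of, because the trust store is fixed when the portals are onboarded. Cases 3 to 5 are the checks any SP needs on top of that (signature under the pinned key, audience restriction, validity window); a production SP also tracks assertion IDs to stop replay inside the window.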
