Both are used to exchange authentication and authorization data between the parties, but in a different format. SAML is a markup language (such as XML), and JWT is JSON.
SAML (Security Assertion Markup Language) is an open standard for the exchange of authentication and authorization data between parties, in particular, between an IdP (Identity Provider) and an SP (Service Provider), and these identity protocols are used in corporate deployments.
- IdP (Identity Provider): authenticates users and provides service providers with authentication confirmation if successful;
- SP (Service Provider): depends on the identity provider for user authentication.
SAML in Auth0
JWT (JSON Web Token) is an open standard (RFC 7519) that defines a compact and stand-alone way to safely transfer information between parties as a JSON object. This information can be verified and reliable because it is digitally signed. JWTs can be signed using a secret (using the HMAC algorithm) or public/private key pairs using RSA.
JWT in Auth0
Use case:
The single most important use case for SAML is single sign-on to a web browser (single sign-on, i.e. logging in once and receiving a token without having to log in to other services). Single sign-on is relatively easy to do in a security domain (for example, using cookies), but expanding single sign-on through security domains is more complex and has led to the spread of incompatible proprietary technologies. The SAML Web Browser single sign-on profile has been defined and standardized for compatibility. (For comparison, the later OpenID Connect protocol is an alternative approach to the SSO of a web browser.) The ID token, usually called `id_token` in code, is a JSON Web Token (JWT) that contains user profile information.
Premraj Jul 26 '18 at 1:58