SAML 2.0 vs OpenID

Question

SAML 2.0 vs OpenID

Given that SAML 2.0 supports the concept of federation, and given that well-known players like Google use SAML, can anyone explain why some other services (like stackoverflow) use OpenID? Is this just a historical reason?

+6

authentication openid saml saml-2.0

chen Oct 18 '12 at 18:46

source share

2 answers

Sureshatt · Answer 1 · 2012-10-18T20:13:33+0000

First I have to say that Google is a SAML provider as well as an OpenID provider.

In the case of stackoverflow, if they want to use SAML 2.0 for SSO, then they need to associate stackoverflow with Google or any other SAML provider in advance. And when stackoverflow is associated with many SAML providers, when a user tried to log in, stackoverlow needs a mechanism to figure out to whom the identity provider should redirect the user to authentication. (you can use SAML 2.0 profiles, section 4.3 "Identity Provider Discovery Profile"). But in any case, it will be a painful implementation.

But with OpenID, it has its own discovery profile, stackoverflow should not know the Identity Provider in advance, without a direct connection. Therefore, they use the correct protocol.

yudis · Answer 2 · 2014-03-14T03:44:51+0000

As far as I know:

OpenID allows a website (stackoverflow) to use an identifier from various OpenID providers (and it is not shared)

SAML (/ w federation) allows you to use Identity for different service providers / websites.

SAML 2.0 vs OpenID

More articles: