2
votes

1) I don't concretely understand the fundamental differences between SAML and OAuth. OAuth is for authorization, but OpenID is for authentication too, and SAML is for both authorization and authentication? And why use a combination of both technologies?

2) Inside SAML technology, what is the difference between Shibboleth and OpenSAML? I know OpenSAML has been developed by Shibboleth and is used for the Shibboleth solution, but why not use it directly without Shibboleth? What does Shibboleth bring?

Thank you,

1

1 Answer

5
votes

They are two different protocols and you would never use them together.

SAML is older - not good for mobile - mainly for enterprise - XML tokens.

OpenID Connect is newer - good for mobile - JWT tokens.

OpenID Connect is a standard for how to use OAuth for authentication. OAuth is for authorisation.

SAML is a protocol definition - you can't use it as such - it's a document.

OpenSAML is an implementation of the SAML protocol.

Shibboleth is an identity provider that uses OpenSAML to deliver the SAML functionality.