Our current Application

The backend is in Spring Boot 2 (REST APIs) with Angular on the front end. Once authentication is done, it currently uses JWT (Bearer) to create, update, and delete resources by passing Authorization headers to the REST APIs. Read operations can be accessed by everyone without any authorization.

Now, due to the increase in applications, we are moving to an IdP with Keycloak.

I wanted to know which type of SSO to use for the given case.

SAML 2.0: If implemented, after SSO with SAML how do I create/update/delete through my REST endpoint? As I see it, SAML provides an assertion, and I require a bearer token to create the resource. How do I use the assertion to create/update/delete through my REST endpoint?

I tried to implement this using the Spring SAML extension, but I was not able to achieve the above objective.

OIDC/OAuth: If implemented, how do I filter the read-only endpoints so that certain URLs are available without authorization? Keycloak's default implementation is out of the box for OIDC.

I've implemented this in OIDC using Keycloak's adapter for Spring REST.

Thanks!!

1 Answer


SAML 2.0 is an older XML-based protocol, whereas OpenID Connect is JSON-based and browser/mobile friendly. In any modern architecture, use OIDC. See also this summary.

It is still possible to integrate SAML identity providers into an OIDC architecture by using federation features of the authorization server. However, your actual application code should know nothing about SAML - it should just work with OAuth 2.0 tokens after sign in.

If possible I would avoid SAML completely.
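As an added example (not code from the question or the answer above), this is how the read-only-without-authorization requirement from the question can be expressed once the API is an OIDC resource server, the approach the answer recommends. It uses Spring Security 5's own `spring-boot-starter-oauth2-resource-server` rather than the Keycloak Spring adapter mentioned in the question; the `/api/**` path, the `editor` realm role, and the Keycloak issuer URL placeholder are assumptions for illustration. GET requests are open to everyone, while POST/PUT/DELETE require a valid Keycloak-issued JWT carrying the role.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.stream.Collectors;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

// Assumed application.yml (not on the page; issuer URL is a placeholder):
//   spring.security.oauth2.resourceserver.jwt.issuer-uri: https://KEYCLOAK_HOST/auth/realms/REALM
// Spring fetches Keycloak's JWKS from the issuer and validates each bearer token's
// signature, expiry and issuer before any authority check below runs.
@Configuration
@EnableWebSecurity
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Stateless bearer-token API: no session, no CSRF token to manage.
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                // Read operations stay open to everyone, as in the existing application.
                .antMatchers(HttpMethod.GET, "/api/**").permitAll()
                // Mutating operations need a valid token that carries the assumed "editor" role.
                .antMatchers(HttpMethod.POST, "/api/**").hasAuthority("ROLE_editor")
                .antMatchers(HttpMethod.PUT, "/api/**").hasAuthority("ROLE_editor")
                .antMatchers(HttpMethod.DELETE, "/api/**").hasAuthority("ROLE_editor")
                // Deny-by-default for anything not listed above.
                .anyRequest().authenticated()
            .and()
            .oauth2ResourceServer()
                .jwt()
                .jwtAuthenticationConverter(keycloakRoleConverter());
    }

    // Keycloak places realm roles under the "realm_access.roles" claim; Spring's default
    // converter only reads the "scope"/"scp" claim, so map the roles to ROLE_* authorities.
    private JwtAuthenticationConverter keycloakRoleConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            Map<String, Object> realmAccess = jwt.getClaimAsMap("realm_access");
            if (realmAccess == null || !(realmAccess.get("roles") instanceof Collection)) {
                return Collections.emptyList();
            }
            @SuppressWarnings("unchecked")
            Collection<String> roles = (Collection<String>) realmAccess.get("roles");
            return roles.stream()
                .<GrantedAuthority>map(role -> new SimpleGrantedAuthority("ROLE_" + role))
                .collect(Collectors.toList());
        });
        return converter;
    }
}
```

Two practical notes on this configuration: `permitAll()` on GET means anonymous readers are never asked for a token, but a GET that does carry an `Authorization: Bearer` header is still validated by the resource-server filter, so a tampered or expired token on a read request is rejected rather than silently ignored; and the authority checks apply to the method/path pair, so a new endpoint under `/api/**` that is not a GET is protected by default instead of accidentally becoming public.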