![\"\"](\"https:\/\/ontoborn.com\/blog\/wp-content\/uploads\/2022\/07\/image-41.png\")
<\/a><\/figure>\n\n\n\n<\/a><\/p>\n\n\n\n Single sign-on (SSO) is the process by which a user can log in to multiple applications using a single set of credentials. This is a handy feature and efficient considering the number of websites these days and most of them asking for authentication. We all know that we can’t keep track of so many credential sets for each of the applications. SSO came to the rescue!!!<\/p>\n\n\n\n Instead of establishing their identity over and over, the user is authenticated once and can then access several different services and applications.<\/p>\n\n\n\n An example of one such feature is Google. With a single login, you can access all of their services like Gmail, Photos, Drive, and many more. Other applications also allow users to use Google login for authentication provided they have their system integrated with Identity Providers like Google, Facebook, etc<\/p>\n\n\n\n There are a lot of standards and protocols that provide SSO and some of the famous ones are<\/p>\n\n\n\n In the later part of this article, we will be looking at SAML, OAuth2 with OIDC in detail.<\/p>\n\n\n\n There are many benefits of SSO as follows<\/p>\n\n\n\n SAML is an XML-based standard for exchanging authentication and authorization data between IdPs and service providers to verify the user\u2019s identity and permissions, then grant or deny their access to services.<\/p>\n\n\n\n SAML is an open standard that has become one of the core standards for SSO. SAML uses an XML document called Assertion( that contains the user authorization) that the Identity Provider sends to the service provider. SAML 2.0 was introduced in 2005 and remains the current version of the standard. SAML 2.0 is specifically optimized for use in web applications, which enables information to be transmitted through a web browser<\/p>\n\n\n\n A sample SAML Assertion in the XML file<\/strong><\/p>\n\n\n\n SAML terminologies<\/strong><\/p>\n\n\n\n A typical SAML workflow consists of an IdP, SP, and user. User information is sent as an assertion.<\/p>\n\n\n\n Let us assume that the user has an account with the Idp and has valid credentials in place<\/p>\n\n\n\n Let’s break the above diagram into multiple steps for easier understanding<\/p>\n\n\n\n OAuth is a newer standard than SAML, and it was jointly developed by Google and Twitter beginning in 2006. It was developed in part to compensate for SAML\u2019s deficiencies on mobile platforms and is based on JSON rather than XML. OAuth2 uses JWT tokens widely and hence is lighter and faster than SAML.<\/p>\n\n\n\n Before we deep dive into OAuth2 and OIDC, let’s look at the terminologies used<\/p>\n\n\n\n OAuth2 Terminologies<\/strong><\/p>\n\n\n\n The OAuth2 protocol allows the authorization server to issue access tokens to third-party applications after getting the consent of the resource owner (user) These access tokens are used by third-party applications like Bitbucket, Slack, etc to access resources provided by the resource server.<\/p>\n\n\n\n You must have already used OAuth2 if you have signed up for a new application and agreed to import contacts from Google \/ Facebook etc. You might have used a feature that has asked you to share your post or photos on Facebook \/ Instagram etc. This is the OAuth2 protocol, which provides secure delegated access without sharing the credentials<\/p>\n\n\n\n OAuth2 is used only for Authorization and not for Authentication<\/p>\n\n\n\n With OpenID, the user\u2019s credentials are used only by the Authorization server after the browser routes the request. Upon verification, an access token is issued to the user by which the user can access multiple applications without sharing their credentials with every application.<\/p>\n\n\n\n You must have already used OIDC if you have signed in to applications using your Google \/ Facebook \/ Twitter login. OpenID Connect is an open standard that organizations use to authenticate users.<\/p>\n\n\n\n OIDC is used for Authenticating the users<\/p>\n\n\n\n OAuth is an open-standard authorization protocol that is used to Authorize users and OIDC is used to Authenticate users. OIDC sits on top of OAuth 2.0 to add information about the user and enable the SSO process. It allows one login session to be used across multiple applications. For example, as seen below, you can use the social media login to access the applications without creating an account in the application<\/p>\n\n\n\n OAuth2 flow with OIDC Integrated<\/strong><\/p>\n\n\n\n The above diagram explains the whole process that happens when you log in to an application using Google. The number of steps might look complicated but this overall process ends in a matter of milli seconds to seconds. Let’s break it down step by step.<\/p>\n\n\n\n Assume that the user already has a login account with Google<\/p>\n\n\n\n Although SAML may seem superior in enterprise settings, there are some scenarios where OAuth makes sense.<\/p>\n\n\n\n In this article, we saw the types and benefits of SSO. Then we dived deep into two of the famous SSO protocols namely SAML and OAuth2. When exploring OAuth2, we saw what is the minor difference between OAuth2 and OIDC and then saw the use case with both of them combined. The article ended with which protocols can be used for some use cases.<\/p>\n\n\n\n I have tried my best to explain SSO, SAML, and OAuth2. Hope you have enjoyed this article and thanks for reading.!!!<\/p>\n\n\n\n<\/a>What is Single Sign-on?<\/strong><\/h1>\n\n\n\n
<\/a>Types of SSO<\/strong><\/h1>\n\n\n\n
<\/a><\/figure>\n\n\n\n<\/a>Benefits of Single Sign-On SSO<\/strong><\/h2>\n\n\n\n
<\/a>What is SAML (Secure Assertion Markup Language)?<\/strong><\/h1>\n\n\n\n
<\/a><\/figure>\n\n\n\n<\/a><\/figure>\n\n\n\n<\/a>What is OAuth2?<\/strong><\/h1>\n\n\n\n
<\/a>What is OpenID Connect (OIDC) ?<\/strong><\/h1>\n\n\n\n
<\/a>Using OIDC with OAuth2<\/strong><\/h1>\n\n\n\n
<\/a>A sample login page with OAuth2 and OIDC enabled<\/strong><\/h2>\n\n\n\n
<\/a><\/figure>\n\n\n\n<\/a><\/figure>\n\n\n\n<\/a>When To Use SAML and When To Use OAuth2 ( with OIDC)<\/strong><\/h1>\n\n\n\n