Given that SAML 2.0 supports the "federation" concept, and given that well-known players like Google use SAML, can someone explain why some other services (e.g., stackoverflow) use OpenID? Is that just a historical reason?
Take a look here: http://stackoverflow.com/questions/2837553/saml-vs-federated-login-with-oauth – Aleksei Anufriev Oct 18 '12 at 20:04
2 Answers
First I should say Google is a SAML provider as well as an OpenID Provider.
In the case of stackoverflow, if they are willing to use SAML 2.0 for SSO, then they need to couple stackoverflow with Google or any other SAML provider in advance. And once stackoverflow has been coupled to many SAML providers, when a user tries to log in, stackoverflow needs a mechanism to figure out which identity provider it should redirect the user to for authentication (you may use SAML 2.0 Profiles, section 4.3, Identity Provider Discovery Profile). But anyway, this is going to be a painful implementation.
But with OpenID, it has its own discovery profile, stackoverflow doesn't have to know the Identity Provider in advance, no direct coupling. So they are using the correct protocol.

Probably worth also adding that SAML is more popular in enterprise or business-to-business type relationships where a strong trust relationship is required. OpenID is more of an enabler to identify a user from any provider out there (consumer world). – Scott T. Oct 19 '12 at 04:21
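The contrast drawn in the answer above, as an added example that is not part of the original posts: a SAML service provider can only route a user to an identity provider it registered in advance, while an OpenID 2.0 relying party learns the provider from the page behind the identifier the user typed (HTML-based discovery via `openid2.provider` link elements). The trust table, domains, URLs and the HTTPS-only rule are constructed assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed SP-side trust table: with SAML, each IdP is registered in advance
# (entity ID, SSO endpoint and signing certificate exchanged out of band).
SAML_IDPS = {
    "corp.example": {"entity_id": "https://idp.corp.example/saml",
                     "sso_url": "https://idp.corp.example/sso"},
}

def saml_pick_idp(email):
    """Map the user's mail domain to a pre-registered IdP, or fail closed."""
    domain = email.rsplit("@", 1)[-1].lower()
    idp = SAML_IDPS.get(domain)
    if idp is None:
        raise LookupError(f"no SAML trust relationship for {domain}")
    return idp["sso_url"]

class _LinkParser(HTMLParser):
    """Collects <link rel=... href=...> elements (simplified: not limited to <head>)."""
    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and a.get("href"):
            for rel in (a.get("rel") or "").split():
                self.links.setdefault(rel.lower(), a["href"])

def openid_discover(html):
    """OpenID 2.0 HTML-based discovery: the user's own page names the provider."""
    parser = _LinkParser()
    parser.feed(html)
    endpoint = parser.links.get("openid2.provider")
    if endpoint is None:
        raise LookupError("page does not advertise an OpenID 2.0 provider")
    if urlparse(endpoint).scheme != "https":
        # Assumed relying-party policy, not a protocol requirement.
        raise ValueError("refusing non-HTTPS provider endpoint")
    return endpoint, parser.links.get("openid2.local_id")

# Constructed page, as it would be served at the identifier the user typed.
SAMPLE_PAGE = """<html><head>
<link rel="openid2.provider" href="https://op.example.net/endpoint">
<link rel="openid2.local_id" href="https://op.example.net/user/alice">
</head><body>Alice</body></html>"""
```

The SAML lookup fails for any domain without a prior agreement, whereas the OpenID path accepts whichever endpoint the fetched page names, so the relying party's own checks on that endpoint are the only gate.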
As far as I know:
OpenID allows a website (stackoverflow) to use identities from various OpenID providers (and there is no sharing of identity in this)
SAML (w/ federation) allows an identity to be shared among various service providers/websites
