
WS-Fed vs SAML vs OAuth

Authentication and Authorization for Federated Identities can be achieved in multiple ways. This post is a concise comparison of some of the most popular ways of implementing federation in organizations.

| | WS-FED | SAML | OAuth |
|---|---|---|---|
| Usage | Authentication | Authentication | Authorization |
| Scenario | SSO | SSO | Access to resources |
| Naming conventions | Client; Identity Provider (IdP); Resource | Client; Identity Provider (IdP); Service Provider (SP) | Client; Authorization server; Resource server |
| Procedure | Authentication is done on the IdP side and a token is given to access the resource. | Authentication is done on the IdP side and a token is given to access the resource. | Authorization grant is given by resource for getting the Access token from Authorization Server to access the resource. |
| Request to IdP / Authorization server | Query parameters in a Request Security Token (RST) | SAML request | User is Authorization Key |
| Response from IdP / Authorization server | Request Security Token Response (RSTR). Inside that RSTR is a SAML assertion. | Inside that SAML response is a SAML assertion. | Access key |
| Non-repudiation | Responses are signed | Responses may or may not be signed | Responses are signed |
| Sign-in Protocol | 1. wa: indicates need for login; 2. wtrealm: tells IdP which SP is being requested access; 3. wctx: session data; 4. wct: exact time of accessing SP | 1. SAMLRequest: Base64 encoded XML; 2. RelayState: session data; 3. SigAlg: signature algorithm; 4. Signature: digital signature of the request | 1. response_type: specifies the action needed from IdP; 2. client_id: identification of the SP; 3. resource: URL/URI of SP; 4. redirect_uri: browser or SP |
| Authentication Protocol | Forms-based | Kerberos | Form-based, OTC (one-time code) for access token for requesting necessary user data |
| Token | SAML 1.1 token is sent to the browser which is sent via POST request to SP | SAML 2.0 token | JSON Web Token (JWT) |
| Transport | HTTP, POST or HTTP REDIRECT binding, SOAP or JMS | HTTP, POST or HTTP REDIRECT binding, SOAP or JMS | HTTP only |
| More Information | https://securdi.com/iam/working-of-ws-fed/ | https://securdi.com/iam/how-saml-works/ | https://securdi.com/iam/working-of-oauth/ |
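
An added example, not code from the original post: a Python helper that tells the three protocols apart by the sign-in parameters listed in the table, decodes a SAMLRequest and reports whether the request carries a signature. The function names are hypothetical and the sample URLs, hosts and values are constructed; the DEFLATE step is what the SAML HTTP-Redirect binding applies before Base64.

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlsplit

# Parameter names from the Sign-in Protocol row of the comparison table.
WSFED = {"wa", "wtrealm", "wctx", "wct"}
OAUTH = {"response_type", "client_id", "resource", "redirect_uri"}

def decode_saml_request(value):
    """Return the XML carried in a SAMLRequest parameter."""
    raw = base64.b64decode(value)
    try:
        # HTTP-Redirect binding: raw DEFLATE is applied before Base64.
        return zlib.decompress(raw, -15).decode("utf-8")
    except zlib.error:
        # HTTP-POST binding: plain Base64 of the XML.
        return raw.decode("utf-8")

def classify_signin(url):
    """Name the federation protocol of a sign-in URL and list its parameters."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    names = set(params)
    if "SAMLRequest" in names:
        return {"protocol": "SAML",
                # Treated as signed only when SigAlg and Signature both appear.
                "signed": {"SigAlg", "Signature"} <= names,
                "xml": decode_saml_request(params["SAMLRequest"]),
                "params": sorted(names)}
    if {"wa", "wtrealm"} <= names:
        return {"protocol": "WS-Fed", "params": sorted(WSFED & names)}
    if {"response_type", "client_id"} <= names:
        return {"protocol": "OAuth", "params": sorted(OAUTH & names)}
    return {"protocol": "unknown", "params": sorted(names)}

def deflate_b64(xml):
    """Encode XML the way the HTTP-Redirect binding does (used for samples)."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

# Constructed sample URLs; hosts, IDs and values are placeholders.
SAMPLE_XML = '<samlp:AuthnRequest ID="_constructed1" Version="2.0"/>'
SAMPLES = {
    "saml": "https://idp.example/sso?" + urlencode(
        {"SAMLRequest": deflate_b64(SAMPLE_XML), "RelayState": "s1"}),
    "wsfed": "https://idp.example/wsfed?" + urlencode(
        {"wa": "wsignin1.0", "wtrealm": "https://sp.example/", "wctx": "s1"}),
    "oauth": "https://as.example/authorize?" + urlencode(
        {"response_type": "code", "client_id": "constructed-client"}),
}
```

Calling `classify_signin(SAMPLES["saml"])` returns the decoded AuthnRequest with `signed` set to `False`, since the constructed URL has no SigAlg or Signature parameter.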

Through our seasoned professionals, we can also help you evaluate, develop and operate these protocols between your Access Management system and your enterprise applications, thus providing a seamless user experience.

– Authored by Gayatri Priyadarshini
