Rough Notes - Fix
Overview: SAML has been around for a fair amount of time (roughly 8 years) and still is widely used for authentication and authorisation of end-users on the Internet. OAuth2 is used to allow internet users to give internet/web-based applications access to the user's information without the user password. OpenID Connect is an extension to OAuth2 and generally the way to go instead of SAML for user authentication.
Azure Active Directory Supports:
Using Postman to Generate an OAuth Token Example
Overview: SAML has been around for a fair amount of time (roughly 8 years) and still is widely used for authentication and authorisation of end-users on the Internet. OAuth2 is used to allow internet users to give internet/web-based applications access to the user's information without the user password. OpenID Connect is an extension to OAuth2 and generally the way to go instead of SAML for user authentication.
Azure Active Directory Supports:
- SAML 2.0
- OAuth 2.0,
- OIDC, and
- WS-FED.
SAML:
- SAML is an umbrella standard that covers federation, identity management and single sign-on (SSO); and
- SAML is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based a markup language for security assertions.
Limitations of SAML:
1.
It was launched in November 2002 which supports SSO
but has now been deprecated by a lot of auth suppliers.
2.
SAML is not supported with native Mobile
Applications. Hybrid mobile apps can work with it.
3.
As it has now deprecated, finding it may not be supported by the latest technologies applications and technologies.
OAuth
2.0:
1. Derived from OAuth, Auth2 uses 2 passwords and is more secure.
2. (Open Authorization) is a standard for authorization of resources. It does not deal with authentication. It was released in 2006.
1. Derived from OAuth, Auth2 uses 2 passwords and is more secure.
2. (Open Authorization) is a standard for authorization of resources. It does not deal with authentication. It was released in 2006.
Limitations of OAuth:
1.
It only deals in Authorization so we have a limitation
that we cannot verify the user's identity, i.e. Authentication.
OpenID
Connect:
- OpenID Connect (OIDC) is a protocol to
verify user identities and get the user profile information. OIDC enables
devices/apps to verify identities based on the authentication done by an
authentication server
- It was launched in February 2014
- OpenID Connect (OIDC) is an
authentication layer on top of OAuth 2.0, an authorization framework
- OpenID Connect is built on top of OAuth 2.0, specifies a RESTful HTTP API, and uses JSON as a data format (JWT). It has a specialized set of predefined data types and endpoints for exchanging user information between the identity provider and the application.
- There are two different types of flows in OIDC, pick the appropriate flow, normally Code flow over implicit.
Advantages of OpenID Connect
1.
It supports SSO and federation.
2.
Has good support with .Net Core.
3.
It supports a wide range of clients like web
applications, mobile apps and JavaScript applications.
4.
Have support with Azure AAD B2C as per Microsoft
guidelines and others like Google+.
Comparing
Differences:
- https://www.gluu.org/resources/documents/articles/oauth-vs-saml-vs-openid-connect/
- https://stackoverflow.com/questions/7699200/what-is-the-difference-between-openid-and-saml.
- https://www.quora.com/What-is-the-difference-between-OAuth-OpenID-and-OpenID-Connect
Support
with Azure b2c
Web
sign-in with OpenID Connect in Azure Active Directory B2C
- https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/enabling-openid-connect-with-ad-fs
- https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-2.2
Using Postman to Generate an OAuth Token Example
Using the Generated Bearer token in a get Request
Tip: To examine a Bearer token use the website https://jwt.io