SAML v. OAuth v. OpenID Connect
Michael Schwartz
CEO, Gluu
SAML                                        OpenID Connect
------------------------------------------  ------------------------------------------
Assertion (signed XML)                      id_token (signed JSON)
IDP (Identity Provider)                     OP (OpenID Provider)
SP (Service Provider)                       RP (Relying Party) or "Client"
User Attribute                              User Claim
Artifact                                    Code
XML Canonicalization / Signing              JOSE (JSON Object Signing and Encryption)
IDP Metadata                                OP Discovery Endpoint
Authentication Context Class Reference      acr
RFC 6749  The OAuth 2.0 Authorization Framework
RFC 6750  The OAuth 2.0 Authorization Framework: Bearer Token Usage
RFC 6755  An IETF URN Sub-Namespace for OAuth
RFC 6819  OAuth 2.0 Threat Model and Security Considerations (Errata)
RFC 7009  OAuth 2.0 Token Revocation
RFC 7519  JSON Web Token (JWT)
RFC 7521  Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7522  SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7523  JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
RFC 7591  OAuth 2.0 Dynamic Client Registration Protocol
RFC 7592  OAuth 2.0 Dynamic Client Registration Management Protocol
RFC 7636  Proof Key for Code Exchange by OAuth Public Clients
RFC 7662  OAuth 2.0 Token Introspection (Errata)
RFC 7800  Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)