Showing posts from April, 2014

SAML feels like a missed opportunity

"The nice thing about standards is that you have so many to choose from" - Andrew S. Tanenbaum

This quote is very appropriate for Single Sign-On and specifically SAML. Here I will discuss why SAML is a great protocol for point-to-point integrations, but can get very complicated very quickly once you take it beyond that.

Single Sign On - Why is it so hard?

Single Sign On (or SSO) can be described very simply; to quote Wikipedia, "...user logs in once and gains access to all systems without being prompted to log in again at each of them". This boils down to three different entities who trust each other directly and indirectly. A user enters a password (or some other authentication method) to their identity provider (IdP) in order to gain access to a service provider (SP). The user trusts the IdP, the SP trusts the IdP, so the SP can in turn trust the user. This seems so simple; however, if you are a service provider and want to integrate with many IdPs (e.g. twitter, facebook,
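The three-party trust relationship described above, as an added example that is not part of the original post: a toy identity provider authenticates the user and issues a signed assertion, and a service provider accepts it only if the issuer is in its trust store, the signature verifies, the assertion was issued for this SP, and it has not expired. The SP never sees the user's password. Real SAML uses XML assertions with XML-DSig signatures; this model substitutes HMAC-SHA256 over a JSON payload purely to stay self-contained. All entity IDs, users and passwords are constructed for the example.

```python
"""Toy model of SSO trust: user -> IdP -> SP (added example, not SAML itself).
HMAC-SHA256 stands in for SAML's XML-DSig; entity IDs and users are constructed."""
import hmac
import hashlib
import json
import time
import secrets


class IdentityProvider:
    def __init__(self, entity_id, users):
        self.entity_id = entity_id
        self._users = users  # constructed username -> password map
        # Signing key; in this toy model the SP holds the same key to verify.
        self.key = secrets.token_bytes(32)

    def authenticate(self, username, password, audience, now=None):
        """Step 1: the user proves identity to the IdP only. On success the IdP
        issues an assertion bound to the requesting SP (audience); else None."""
        if not hmac.compare_digest(self._users.get(username, ""), password):
            return None
        now = time.time() if now is None else now
        claims = {"issuer": self.entity_id, "subject": username,
                  "audience": audience, "issued_at": now, "expires": now + 300}
        payload = json.dumps(claims, sort_keys=True).encode()
        sig = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        return {"payload": payload.decode(), "signature": sig}


class ServiceProvider:
    def __init__(self, entity_id):
        self.entity_id = entity_id
        self.trusted_idps = {}  # issuer entity ID -> verification key

    def trust(self, idp):
        self.trusted_idps[idp.entity_id] = idp.key

    def consume(self, assertion, now=None):
        """Step 2: the SP trusts the IdP, so it accepts the IdP's statement
        about the user. Returns (subject, "ok") or (None, reason)."""
        payload = assertion["payload"].encode()
        claims = json.loads(payload)
        key = self.trusted_idps.get(claims.get("issuer"))
        if key is None:
            return None, "untrusted issuer"
        expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, assertion["signature"]):
            return None, "bad signature"
        if claims.get("audience") != self.entity_id:
            return None, "wrong audience"
        now = time.time() if now is None else now
        if now >= claims["expires"]:
            return None, "expired"
        return claims["subject"], "ok"


def demo():
    """Exercise the happy path and each way the SP's trust check can fail."""
    idp = IdentityProvider("https://idp.example", {"alice": "correct horse"})
    rogue = IdentityProvider("https://rogue.example", {"alice": "x"})
    sp = ServiceProvider("https://sp.example")
    sp.trust(idp)  # the SP trusts exactly one IdP
    results = {}
    good = idp.authenticate("alice", "correct horse", sp.entity_id, now=1000)
    results["ok"] = sp.consume(good, now=1010)
    # Wrong password: the IdP issues nothing, the SP is never involved.
    results["bad_pw"] = idp.authenticate("alice", "wrong", sp.entity_id)
    # Valid-looking assertion from an IdP the SP has not chosen to trust.
    results["untrusted"] = sp.consume(
        rogue.authenticate("alice", "x", sp.entity_id, now=1000), now=1010)
    # Assertion the trusted IdP issued for a different SP.
    results["audience"] = sp.consume(
        idp.authenticate("alice", "correct horse", "https://other-sp.example", now=1000), now=1010)
    # Replay of the good assertion after its validity window.
    results["expired"] = sp.consume(good, now=2000)
    # Subject changed after signing: signature no longer matches.
    tampered = dict(good, payload=good["payload"].replace("alice", "mallory"))
    results["tampered"] = sp.consume(tampered, now=1010)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10} -> {outcome}")
```

The point the model makes concrete is that the SP's decision rests entirely on its trust store: the user's credential is only ever checked by the IdP, and every other rejection (untrusted issuer, wrong audience, expiry, tampering) is the SP deciding how far it extends that transitive trust.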