If you’ve ever heard about the uses of SAML and OAuth, then you may know that they let you avoid sharing your password with third parties or other websites, and instead direct you through the relevant protocol.
Whenever a website or app needs to authenticate us, protocols are used to establish whether or not we hold the right permissions. Sometimes a protocol will require you to complete additional verification steps to confirm your identity and purpose.
Both SAML and OAuth help streamline this process, so even if you are working with automation, you should make sure these protocols are used and understand how the particular company is going to use or store your data.
What is SAML?
SAML stands for Security Assertion Markup Language and covers federation, identity management, and single sign-on (SSO). The main purpose of SAML is to handle authentication. SAML was designed for a wide range of uses, but in practice its use is now mainly limited to SSO. Since we deal with authentication daily, it is quite likely that we have already used it without noticing, for instance when turning on a computer and opening the various applications on it.
In contrast to SAML, OAuth is an open authorization protocol that makes it possible for users to move from one service to another without re-entering their password and login credentials. For example, when we sign in to Google and use the same credentials to log in to other applications and services, we have used open authorization.
The same result can be achieved using SAML, but there are differences between OAuth and SAML: OAuth is always specific to a particular application, while SAML focuses on the users.
How Does SAML Work?
SAML is used to identify an individual and verify their personal information; it also supports the authentication process. In simple words, whenever an employee wants to access an organization’s applications, the employee is required to complete a detailed authentication process.
This means the employee will be able to access all of those applications after completing authentication and authorization.
SAML is a strong enough security technology that, once a user has successfully supplied their authorization details, it can even be used to unlock a door or the password-protected login of a computer system. It is just as helpful for controlling access to system files and devices. All you need to do is provide the authorization information, and you gain access to whatever you are authorized to use.
Because of this, administrators take advantage of SAML to control users from a single location and to check all of their activity across files and systems.
Authentication Workflow of SAML
- Whenever the user visits a particular website to use its file sharing service and clicks on the login button, the service that offers the file sharing acts as the service provider. Remember that by "user" we mean the client.
- To proceed with the user’s request, the SAML authentication system issues an authentication request. In other words, the website sends encrypted information for verification, and if the SAML authentication request is accepted by the system, the user is allowed to proceed with the login process and access the website.
- The service provider then redirects the client’s browser to the identity provider (IdP) for authentication. When the client logs in successfully, a SAML assertion is created in the form of a token. The token contains the user identity and is sent to the service provider.
- The client is then redirected back to the service provider.
- The service provider verifies the SAML assertion, examines the identity of the user, and allows them to access and retrieve the files once logged in.
Summary of the SAML Workflow
Here is how the SAML workflow works:
- Request: The end-user (the client) clicks on the login button while browsing the website.
- Validation: SAML authentication comes into play, authenticating the user’s information and verifying their data.
- Login: A login screen appears where the user must provide their username and password.
- Token creation: The website waits for the user to provide the relevant information. If the information provided by the client or end-user is correct, the service provider receives a SAML token, which makes website login and access to the system possible for the client.
It is worth mentioning that SAML authentication is a very fast process that completes within seconds; the user does not even notice the complexity of the workflow that logs them in to the website.
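The last step of the workflow, the service provider verifying the SAML assertion, is where most of the security lives. The following is an added example, not code from the original article: a constructed sample assertion and the checks a service provider should run on it (issuer, signature present, validity window, audience, recipient and InResponseTo). Cryptographic XML-DSig verification is assumed to be done by a dedicated library and is not implemented here; all hosts, IDs and timestamps are made up.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample assertion (not from a real IdP); hosts and times are made up.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req42"
          Recipient="https://files.example.com/saml/acs" NotOnOrAfter="2024-01-01T12:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:55:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://files.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def parse_ts(s):
    """SAML timestamps are UTC in ISO 8601 with a trailing Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, issuer, audience, acs_url, request_id, now):
    """Service-provider checks on a received assertion. Returns (True, NameID)
    or (False, reason). Cryptographic XML-DSig verification is left to a
    dedicated library; this example only insists that a Signature is present
    and enforces the conditions the IdP placed on the assertion."""
    root = ET.fromstring(xml_text)
    if root.find("ds:Signature", NS) is None:
        return False, "assertion is unsigned"
    if root.findtext("saml:Issuer", namespaces=NS) != issuer:
        return False, "unexpected issuer"
    cond = root.find("saml:Conditions", NS)
    if not parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter")):
        return False, "outside validity window"           # expired or replayed later
    if audience not in [a.text for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]:
        return False, "not intended for this service provider"
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd.get("Recipient") != acs_url or scd.get("InResponseTo") != request_id:
        return False, "does not answer this SP's request"  # token meant for another SP/request
    return True, root.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

Rejecting an assertion whose audience or InResponseTo does not match keeps a token issued for one service provider from being accepted by another.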
What Is OAuth?
OAuth is about authorization. The OAuth protocol is needed when information passes from one service provider to another. In other words, if an employee has a single Google account and uses it to log in to various applications, then OAuth is at work.
At this stage SAML cannot help, because it is concerned with the end-user experience and plays no role in sharing or sending information between the two applications.
How Is OAuth Different From SAML?
Whenever an employer or user wants to use the single sign-on (SSO) feature to sign into multiple applications within an organization without logging in to each of them again and again, the OAuth protocol is used to pass authorization from one service to another.
SAML, on the other hand, can also enable SSO, but it is concerned with the user experience: it lets the user sign in to a particular service provider repeatedly without having to verify their personal information on every login.
The major difference between SAML and OAuth is that SAML is concerned with identifying the user’s origin (by application subdomain, user IP address, or similar), redirecting the user to the identity provider and asking for authentication, while OAuth is an authorization protocol that serves as an open standard for token-based authentication and authorization.
Both services can be used for SSO.
The Workflow of OAuth
Note that in OAuth terminology the client is not the web browser.
Let’s take a closer look at the workflow of OAuth.
- It starts with the client opening a certain website and logging in with the relevant credentials. We will assume that the user wants to use the website’s file sharing service. In technical terms, this file sharing service is called a resource server, and it is the reason the website was opened.
- The resource server provides the user with an authorization grant, and the client is redirected to the authorization process.
- The client is then asked to provide the authorization code, which allows them to request the access token.
- If the client has provided a valid code, they can proceed with the login process and access the resource server.
- The validity of the code determines what information about the resource server is sent to the client.
Summary of the OAuth Workflow
Here is how the OAuth workflow works:
- Request: The user tries to access the website by clicking on the login button and then entering their details.
- Choice: The client is free to choose which third-party authorization credentials to use.
- Log in: An access token is created by the authorization server and sent to the resource server.
- Connection: The resource server verifies the token, and access is granted.
OAuth makes this access usable for other websites and platforms as well. When the client decides to log in to other platforms, they do not need to go through the detailed login process again and again; instead, they are immediately granted access using the information from the first source.
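To make the workflow steps concrete, here is an added example that is not part of the original article: a toy authorization server and resource server for the authorization-code exchange described above. The client registrations, client IDs, secrets and redirect URIs are constructed sample values; the server binds each code to the client and redirect URI it was issued for, lets a code be used only once, and expires both codes and tokens.

```python
import hmac
import secrets
import time

class AuthorizationServer:
    """Toy authorization server for the authorization-code flow; codes are
    single-use, short-lived and bound to a client and its redirect URI."""
    CODE_TTL = 60        # seconds; a code should be exchanged right away
    TOKEN_TTL = 3600

    def __init__(self, clients, now=time.time):
        self.clients = clients      # client_id -> {"secret": ..., "redirect_uri": ...}
        self.codes, self.tokens = {}, {}
        self.now = now              # injectable clock, handy for testing expiry

    def authorize(self, client_id, redirect_uri, user, scope):
        """Workflow step 2: the user has logged in and consented; issue a code."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            return None             # unknown client or redirect URI not registered
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "user": user, "scope": scope, "exp": self.now() + self.CODE_TTL}
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        """Workflow step 3: the client trades the code for an access token."""
        grant = self.codes.pop(code, None)   # removed first: a failed attempt burns it
        client = self.clients.get(client_id)
        if grant is None or client is None or self.now() > grant["exp"]:
            return None             # unknown, reused or expired code
        if not hmac.compare_digest(client["secret"], client_secret):
            return None             # client could not prove its identity
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            return None             # code was issued to a different client or URI
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": grant["user"], "scope": grant["scope"],
                              "exp": self.now() + self.TOKEN_TTL}
        return token

def resource_server_read(auth_server, token, required_scope):
    """Workflow step 4: the resource server verifies the token before serving."""
    info = auth_server.tokens.get(token)     # simplified token introspection
    if info is None or auth_server.now() > info["exp"] or required_scope not in info["scope"].split():
        return None
    return f"files of {info['user']}"
```

The resource server never sees the user’s password: it only checks that the token is known, unexpired and carries the scope the request needs.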
Still, the two tools serve very different functions:
- Authentication - This process is about the user’s identity. SAML works more like a key: it is what gets you into the facility.
- Authorization - This process is about the user’s privileges. It is more like the set of rules that must be followed once you are inside.
We hope it is now easier to understand the SAML and OAuth technologies, as well as the role of an SSO feature in software systems. If you have any questions, don’t hesitate to contact us here.