dokucama

User Tools

Site Tools

Trace: frr vpn_troubleshooting cryptocurrencies
network_stuff:sso

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
network_stuff:sso [2022/12/20 21:02] jotasandokunetwork_stuff:sso [2024/12/19 22:08] (current) jotasandoku
Line 1: Line 1:
- 
 **SAML-SSO vs OAUTH-SSO**: **SAML-SSO vs OAUTH-SSO**:
 \\ \\
 What is and Identity Provider [[https://www.cloudflare.com/en-gb/learning/access-management/what-is-an-identity-provider/|IdP]]? What is and Identity Provider [[https://www.cloudflare.com/en-gb/learning/access-management/what-is-an-identity-provider/|IdP]]?
- 
 \\ \\
- +OpenID and SAML are  associated with federated services, 
-OAuth:+\\ 
 +**OAuth**:
 \\ \\
  
Line 15: Line 14:
 Google responds with the appropriate information, such as the email address and real name of the user for which that code is valid. Google responds with the appropriate information, such as the email address and real name of the user for which that code is valid.
 The SP then creates a local session associated with that information. In the case of Apache's mod_auth_openidc it then makes the email address etc. available and they can then be sent to applications running behind Apache. The SP then creates a local session associated with that information. In the case of Apache's mod_auth_openidc it then makes the email address etc. available and they can then be sent to applications running behind Apache.
- 
 \\ \\
 However this solution does not work for CompanyY because machines may wish to use SSO but not be allowed to connect directly to the IdP service, or indeed, may be physically unable to connect because the segment colour does not allow connections out, for example. So instead CompanyY uses SAMLv2 for SSO. However this solution does not work for CompanyY because machines may wish to use SSO but not be allowed to connect directly to the IdP service, or indeed, may be physically unable to connect because the segment colour does not allow connections out, for example. So instead CompanyY uses SAMLv2 for SSO.
 \\ \\
  
-SAMLv2:\\+**SAMLv2**: 
 +\\
  
 SAMLv2 is similar to OAuth, except that all of the data is handled by the browser. Many of the steps are similar or approximately equivalent. SAMLv2 is similar to OAuth, except that all of the data is handled by the browser. Many of the steps are similar or approximately equivalent.
Line 34: Line 33:
  
  
 +
 +SSO Using OAuth (OAuth 2.0)
 +
 +    User → SP: User tries to access a resource.
 +    SP → IdP: SP redirects the user to the IdP (Authorization Endpoint).
 +    IdP ↔ User: IdP authenticates the user.
 +    IdP → SP: IdP provides an Authorization Code to the SP via the browser.
 +    SP → IdP: SP exchanges the Authorization Code for an Access Token.
 +    SP → Resource: SP uses the Access Token to grant the user access.
 +
 +SSO Using SAML
 +
 +    User → SP: User attempts to log in or access the SP.
 +    SP → IdP: SP redirects the user to the IdP with a SAML authentication request.
 +    IdP ↔ User: IdP authenticates the user and generates a SAML assertion.
 +    IdP → SP: The user submits the SAML assertion to the SP.
 +    SP → Resource: SP validates the SAML assertion and grants access.
 +    
 +    
 ---- ----
  
network_stuff/sso.1671570171.txt.gz · Last modified: (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki