Why is OpenID Connect considered mobile friendly compared to SAML

Submitted by 早过忘川 on 2019-12-07 09:08:50

Question


I've read in multiple places that OpenID Connect is mobile friendly and SAML is not really designed for mobile. I'm new to both of these protocols but what I understood is that the mobile apps need to launch a browser equivalent (WebView) in order to handle the authentication at IDP and also to handle the redirects involved with SAML flow. Can this be avoided with OIDC?

I'm not interested in how social logins with Google etc work but scenarios where enterprises federate via OIDC. Is it even a fair statement to say that companies federate using OIDC instead of SAML?


Answer 1:


SAML is browser based and cryptographically heavy.

OIDC is REST based - some flows e.g. client credential do not need a browser.

Enterprises that use what Microsoft calls "modern authentication" (i.e. OIDC) don't use SAML.

e.g. the default connection to an Azure AD site or O365 is OIDC.



Source: https://stackoverflow.com/questions/49907133/why-is-openid-connect-considered-mobile-friendly-compared-to-saml
