Why is OpenID Connect considered mobile friendly compared to SAML?

Problem description

I've read in multiple places that OpenID Connect is mobile friendly and SAML is not really designed for mobile. I'm new to both of these protocols but what I understood is that the mobile apps need to launch a browser equivalent (WebView) in order to handle the authentication at IDP and also to handle the redirects involved with SAML flow. Can this be avoided with OIDC?

I'm not interested in how social logins with Google etc work but scenarios where enterprises federate via OIDC. Is it even a fair statement to say that companies federate using OIDC instead of SAML?

Recommended answer

SAML is browser based and cryptographically heavy.

OIDC is REST based - some flows e.g. client credential do not need a browser.

Enterprises that use what Microsoft calls "modern authentication" (i.e. OIDC) don't use SAML.

e.g. the default connection to an Azure AD site or O365 is OIDC.
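
The answer's point that some flows are plain REST calls with no browser, shown as an added example that is not part of the original answer: the OAuth 2.0 client credentials grant (RFC 6749, section 4.4), on which OIDC builds, is one back-channel POST to the token endpoint. The endpoint URL, client id, secret, scope and sample response below are constructed assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed sample token response (RFC 6749, section 5.1); not real data.
SAMPLE_RESPONSE = '{"access_token": "constructed-token", "token_type": "Bearer", "expires_in": 3600}'


def build_token_request(token_endpoint, client_id, client_secret, scope):
    """Build the single POST of the client credentials grant (RFC 6749, 4.4).

    This grant authenticates the client application itself, so there is no
    user login page, redirect or browser involved.
    """
    if urllib.parse.urlsplit(token_endpoint).scheme != "https":
        raise ValueError("token endpoint must use https: the secret is sent to it")
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}
    ).encode("ascii")
    # RFC 6749, section 2.3.1: form-encode id and secret, then HTTP Basic.
    pair = "{}:{}".format(
        urllib.parse.quote_plus(client_id), urllib.parse.quote_plus(client_secret)
    )
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode("ascii")).decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    return urllib.request.Request(token_endpoint, data=body, headers=headers, method="POST")


def parse_token_response(raw):
    """Check the JSON token response before the access token is used."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise ValueError("token response is not a JSON object")
    if "error" in doc:
        raise ValueError("token endpoint returned error: {}".format(doc["error"]))
    for field in ("access_token", "token_type"):
        if not isinstance(doc.get(field), str) or not doc[field]:
            raise ValueError("token response is missing {}".format(field))
    if doc["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type: {}".format(doc["token_type"]))
    return doc


if __name__ == "__main__":
    req = build_token_request("https://idp.example.com/oauth2/token", "app-1", "s3cr3t", "api.read")
    print(req.get_method(), req.full_url, req.data.decode())
    print(parse_token_response(SAMPLE_RESPONSE)["token_type"])
```

Passing the returned request to `urllib.request.urlopen` would send it; the block only builds and inspects it so that it runs offline.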

10-23 18:34