Problem description
I have seen in some articles that it is said that OpenID Connect would replace SAML as the dominant protocol for SSO. I am not sure how OpenID Connect would handle the session management capabilities with different service providers and how it could be used to implement single logout. Currently, are there any IDM servers (open source or commercial) that support OpenID Connect as an SSO IDP (as a replacement for SAML2 SSO IDP)?
Recommended answer
PingFederate [disclaimer: as it says in my name, I work for PingIdentity] built OIDC into the product in April 2013 - version 7.0. Additionally, we've supported OpenID since December 2010 via an integration kit.
That said, "SLO" under OIDC is a whole new ballgame. I'd suggest having a read through the Session Management portion of the OID Spec (openid.net/connect/). The gist of it is that SLO is done completely different than the way most SAML systems implemented it, and it's very user-centric, rather than OP or RP specific.
One last thing... While it's possible that OIDC will replace SAML eventually, I'd just like to point out that we've finally got a serious snowball effect going with SAML. OIDC isn't yet final, and it's going to take time to migrate to. Will the focus shift? Quite possible. But it won't happen this year, or next, and most likely not for a couple more after that. If you're looking at products that are bleeding edge that support OIDC, fair enough... But if you're actually wanting to implement, the opportunities are few and far between. There just aren't a lot of RPs out there yet - primarily because the spec isn't "final".
I should also mention that some of our competitors, like Gluu, Okta, IBM, and Layer7 have shown support for OIDC (by competing in interop testing), but I can't speak to the extent of their support in current products.