The original meaning of RelayState is that the SP can send some value to the IDP together with the AuthnRequest and then get it back. The SP can put whatever value it wants in the RelayState and the IDP should just echo it back in the response. This RelayState parameter is meant to be an … Read more
In response to your specific questions: 1.) What is the “ID” value supposed to be? This should be a unique identifier for the SAML request. The SAML 2.0 specification states that it’s really implementation specific how this is done, but makes the following recommendations: The mechanism by which a SAML system entity ensures that the … Read more
They solve different problems. SAML is a set of standards that have been defined to share information about who a user is, what his set of attributes are, and give you a way to grant/deny access to something or even request authentication. OAuth is more about delegating access to something. You are basically allowing someone … Read more
SAML responses come with a signature and a public key for that signature. You can use the public key to verify that the content of the SAML response matches the key – in other words – that response definitely came from someone who has the matching private key to the public key in the message, … Read more
Original OpenID 2.0 vs SAML They are two different protocols of authentication and they differ at the technical level. From a distance, differences start when users initiate the authentication. With OpenID, a user login is usually an HTTP address of the resource which is responsible for the authentication. On the other hand, SAML is based … Read more
This is a chronic problem with large Identity Management systems attempting to glue together heterogeneous systems. Invariably, you’ll be limited to the lowest common denominator, which all too often is an 8-character ASCII-alpha-numeric limit thanks to some (probably legacy) Unix-like system somewhere in the bowels of the datacenter. Those fancy modern systems can take arbitrary … Read more