Introduction to Standard Protocols

Authentication Sources

# Introduction

More and more systems are now interconnected through web services, portals, and integrated applications. To break down information silos, organizations often adopt centralized identity management, moving access control from many individual application systems to a single central management point, where user data can be accessed conveniently via web services. As the internet has grown, a series of standard protocols has been established. Through federated identification, authentication, and authorization, these protocols let enterprises build and control their own identity data and share it with partner enterprises in a structured and controlled manner.

The federated authentication introduced in this module refers to authenticating users by federating different identity providers through standard protocols.

# Standard Authentication in the IDaaS Platform

The IDaaS platform supports authentication through various standard protocols. The introductions to each protocol are as follows.

# SAML

SAML (Security Assertion Markup Language) is used to exchange authentication and authorization data between parties, especially between an Identity Provider (IdP) and a Service Provider (SP). The SAML protocol primarily addresses standardized, cross-domain, web-based Single Sign-On (SSO). For detailed information on the SAML 2.0 protocol, please search online or refer to http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html.

# OAuth

OAuth (Open Authorization) is an open standard that allows users to grant third-party applications access to their information stored with another service provider without sharing their username and password with the third-party application or disclosing all the content of their data. For detailed information on the OAuth 2.0 protocol, please search online or refer to https://www.rfc-editor.org/rfc/rfc6749.

# OIDC

OIDC (OpenID Connect) is built on the OAuth 2.0 framework. It enables client services (applications) to verify user identities through an OpenID Provider and to exchange profile information via RESTful APIs. These APIs return JSON Web Tokens (JWT) that carry the information shared during authentication, offering high scalability and cross-platform flexibility. For detailed information on the OIDC protocol, please search online or refer to https://openid.net/specs/openid-connect-core-1_0.html.

# CAS

CAS (Central Authentication Service) involves two main entities: the CAS Server and CAS Client. The CAS Server is responsible for authenticating users; the CAS Client provides resources. When protected resources require user authentication, the request is redirected to the CAS Server for authentication. For detailed information on the CAS protocol, please search online or refer to https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-Specification.html.

# Kerberos

Kerberos is a computer network authentication protocol designed to provide strong authentication for client/server applications communicating over a network. It relies on a secret-key (symmetric) cryptographic system to assure each party of the authenticity of the other's identity.

AD (Active Directory) is a set of solutions built on the LDAP protocol (an LDAP server plus applications) that provides fine-grained access control.

# LDAP

LDAP (Lightweight Directory Access Protocol) is a directory access protocol that defines how data is stored in, and accessed from, a tree-like directory structure.