Many IT organizations are trying to understand the single sign-on (SSO) market and the protocols involved. As a result, the SSO: SAML vs LDAP discussion takes on some significance. While SAML and LDAP are both authentication protocols, they are really quite different in their approach, and each is used for different purposes. Keep reading to get an understanding of the specific purposes of these protocols and how they can benefit your organization.
On Your Marks, Get Set, SSO
Let’s start with where and why these two authentication protocols are used. In a sense, both of them are SSO protocols, but they’re utilized in very different ways. Perhaps that utilization stems from the fact that they were created at different times in IT history. LDAP was created in the early 1990s by Tim Howes and his colleagues at the University of Michigan. From those early days to now, it’s impressive to see that LDAP is still a widely used protocol for authentication into a wide range of applications. That speaks to the flexibility and power of LDAP. Additionally, as a general rule of thumb, LDAP works well with Linux®-based applications such as OpenVPN™, Kubernetes, Docker, Jenkins, and thousands of others.
SAML, on the other hand, is generally used as an authentication protocol for web applications like Salesforce®, Slack, and GitHub. Created in the early 2000s, SAML is an assertion-based authentication protocol. While that explanation is an oversimplification, the protocol is effectively integrated with an identity provider (IdP), which asserts that the person is who they say they are. Next, a service provider (i.e., a web application) admits the user to its platform after an XML-based authentication exchange. The process was created to be done securely over the internet rather than utilizing the traditional concept of the domain.
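To make the "IdP asserts, service provider admits" exchange concrete, here is an added example (not code from the original post or from any vendor) of the checks a service provider applies to a SAML 2.0 Response before it admits the user. The sample Response, the entity IDs, the ACS URL and the timestamps are all constructed placeholders. The example assumes the XML signature on the Response or Assertion has already been verified by an XML-DSig library against the IdP's known certificate; the standard library cannot do that step, and without it none of the checks below mean anything, since an attacker could simply write their own assertion.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Standard SAML 2.0 namespace URIs (these are the real ones).
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Placeholder service-provider configuration (assumed values, not from any real deployment).
SP_EXPECTED_ISSUER = "https://idp.example.test/metadata"
SP_ENTITY_ID = "https://sp.example.test/metadata"
SP_ACS_URL = "https://sp.example.test/saml/acs"

# Constructed sample Response shaped like a real IdP response; signature element omitted
# because signature verification is assumed to have happened before this code runs.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z"
    Destination="https://sp.example.test/saml/acs">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.test</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.test/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>engineering</saml:AttributeValue>
        <saml:AttributeValue>vpn-users</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


class AssertionRejected(Exception):
    """Raised when the Response fails any service-provider check."""


def parse_saml_time(value):
    # SAML timestamps are xsd:dateTime in UTC with a trailing Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_response(xml_text, expected_issuer, expected_audience, acs_url, now):
    """Apply the SP-side checks to an already signature-verified SAML Response.
    Returns (name_id, attributes) on success and raises AssertionRejected otherwise."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise AssertionRejected("not a samlp:Response")
    # Destination must be our own ACS endpoint, so a response minted for another SP is not reusable here.
    if root.get("Destination") != acs_url:
        raise AssertionRejected("Destination does not match our ACS URL")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise AssertionRejected("IdP did not report Success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise AssertionRejected("expected exactly one Assertion")
    a = assertions[0]
    issuer = a.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        raise AssertionRejected("unexpected Issuer %r" % issuer)
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise AssertionRejected("Assertion has no Conditions")
    # Validity window: NotBefore is inclusive, NotOnOrAfter is exclusive.
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < parse_saml_time(not_before):
        raise AssertionRejected("Assertion not yet valid")
    if not_on_or_after and now >= parse_saml_time(not_on_or_after):
        raise AssertionRejected("Assertion has expired")
    # AudienceRestriction ties the assertion to this SP's entity ID.
    audiences = [(e.text or "").strip() for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise AssertionRejected("this SP is not in the AudienceRestriction")
    name_id = a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        raise AssertionRejected("no Subject NameID")
    attrs = {}
    for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
    return name_id, attrs


def check_sample(now_iso):
    """Run the constructed sample through validate_response as of the given UTC time.
    Returns ("ok", name_id) or ("rejected", reason)."""
    try:
        name_id, _ = validate_response(SAMPLE_RESPONSE, SP_EXPECTED_ISSUER, SP_ENTITY_ID,
                                       SP_ACS_URL, parse_saml_time(now_iso))
        return ("ok", name_id)
    except AssertionRejected as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    print(check_sample("2024-01-01T12:00:30Z"))  # inside the window: admitted as alice@example.test
    print(check_sample("2024-01-01T12:10:00Z"))  # after NotOnOrAfter: rejected
```

A real service-provider library also records the Assertion ID for the length of the validity window so the same assertion cannot be presented twice, and matches InResponseTo against the AuthnRequest it sent; both are left out here to keep the example focused on the conditions the IdP asserts.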
Web Applications and the Identity Provider
As web application use has dramatically increased, organizations have leveraged SAML-based web application single sign-on solutions in addition to their core directory service. A major difference that is easy to miss between the concepts of SSO and LDAP is that most