SURFconext also supports OpenID Connect (OIDC) for Service Providers (or Relying Party in OIDC terminology. For the sake of consistency, the term Service Provider will be used onwards). OIDC has several advantages in comparison with SAML:
- For OIDC, more standard implementations are available that can easily be integrated into an (existing) application; connecting to SURFconext therefore becomes easier
- OIDC is a RESTful API-like service; it is less complex than SAML
- For Service Providers who also use mobile apps, OIDC can be used as the only technology (whereas in the case of SAML, supporting an additional standard is necessary (OAuth))
There are also some attention points:
- Not support yet for interfederation via eduGAIN
- No support yet for SURFsecureID.
If you intend to enable your Service Provider for any of these two use cases, SAML is for you.
A schematic overview of the OpenID Connect authentication flow can be found on this page: OpenID Connect authentication flow.
Ready to connect to SURFconext? Please continue at Preparation with OpenID Connect.