...
- For OIDC, more standard implementations are available that can easily be integrated into an (existing) application; connecting to SURFconext therefore becomes easier
- OIDC is a RESTful API-like service; it is less complex than SAML
- For Service Providers who also use mobile apps, OIDC can be used as the only technology (whereas in the case of SAML, supporting an additional standard is necessary (OAuth))
There are currently still also some drawbacksattention points:
- Not support yet supported in international for interfederation via eduGAIN
- No support yet for SURFconext Strong Authentication
If you intend to enable your Service Provider for any of these 2, SAML is for you.
A schematic overview of the OpenID Connect authentication flow can be found on this page: OpenID Connect authentication flow.
...