Auth0 – An Exciting SSO Infrastructure

30 September 2013

When we think about SSO we have to think about simplicity, multi-platform integration, deployment scenarios (cloud / on-premises) and standards compliance.

Unfortunately the Microsoft solutions (ADFS, WAAD, ACS) are focused on SAML 1.1 and assume that applications have the ability to parse and validate such tokens. (WAAD and ADFS have OAuth previews which are currently not stable; ACS can use WRAP OAuth, which is not relevant here.)

This assumption is problematic in the mobile era. Web platforms today do not include the strong XML stacks required to handle SAML tokens, so applications, and especially mobile applications, cannot handle SAML.

This is why all platforms except .NET use some separate infrastructure which implements the SAML2 SP profile to parse SAML tokens. After the token is parsed and validated, the infrastructure (e.g. Ping Federate) sends the identity information to the application in an HTTP header or a simple token format.

The problem we face here is standardization. I looked at a number of infrastructures and each implements its own solution. (For example, Ping Federate uses the OpenToken format, Ping One uses a REST endpoint, etc.) If we choose such a solution we will be dependent on a specific technology. To reduce the risk we should use only solutions which follow well-known standards.

Auth0 does exactly that.

The application talks OpenID Connect to Auth0. OpenID Connect is a well-known standard which is based on OAuth 2.0 and is targeted at authentication. Auth0 does the federation required to fetch the identity information out of the identity provider (ADFS, a database or others). Auth0 can be used as a cloud service but can also be deployed on-premises, so it covers all deployment scenarios.

It is very simple to implement OpenID Connect on all platforms. All you need to do is make a simple HTTP call. This achieves simplicity and interoperability.
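As an added illustration (not code from the post or from Auth0) of what that "simple HTTP call" looks like on the relying-party side, and of the checks the application still owns once the ID token comes back: the authorization request is a plain URL, and the returned ID token is verified for signature, issuer, audience, expiry and nonce. The issuer, client ID and client secret are placeholders; the token is constructed inline and signed with HS256 so the example runs offline.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

# Placeholder tenant values (assumptions, not taken from the post).
ISSUER = "https://example-tenant.auth0.example/"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
CLIENT_SECRET = b"example-client-secret"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_authorize_url(redirect_uri: str, state: str, nonce: str) -> str:
    """The OpenID Connect authorization request: one URL the browser is sent to."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "scope": "openid profile",
        "state": state,  # ties the callback to this browser session (CSRF defence)
        "nonce": nonce,  # must reappear inside the ID token (replay defence)
    }
    return ISSUER + "authorize?" + urlencode(params)

def sign_hs256(payload: dict) -> str:
    """Constructed HS256 ID token standing in for one issued by the provider."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(CLIENT_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_id_token(token: str, expected_nonce: str, now=None) -> dict:
    """Checks every claim the relying party is responsible for; raises on failure."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the token's own choice
        raise ValueError("unexpected alg")
    expected = hmac.new(CLIENT_SECRET, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims
```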

To make a long story short: if we want multi-platform interoperability we have to use a separate infrastructure.

If we want to reduce the technology-dependency risk we have to use well-known standards. To cover all deployment scenarios we have to be able to deploy on-premises and as a cloud service. To achieve simplicity we have to use simple protocols.

I think that all of the above can be achieved with Auth0.

Hope this helps

Manu
