OpenID Connect
OpenID is an open standard for authentication: it lets a user sign in to many web sites with one existing account instead of creating a separate password at each of them. The standard is maintained by the OpenID Foundation, a non-profit organization. Today it is supported by large providers such as Microsoft, Google, Facebook and AOL, among many others.
How to get an OpenID account? Getting an OpenID account is simple: any of the providers listed above can issue one. Once the user has such an account, they can sign in to any web site that supports OpenID authentication. As an example, imagine your Blogger.com account accepting a Google account for sign-in. In this example Google is the Identity Provider (IdP) and Blogger.com is the Relying Party (RP).
On the provider side the relying party has to be registered first. For Google that means signing in to the Google developer console, creating a project, and creating an OAuth credential for it. During registration you list the URLs your application runs on (a development URL such as localhost and the production URL) and the redirect (callback) URL to which Google sends the browser back after a successful login. Google then issues a client ID and a client secret, which your code base uses to identify itself to Google. Only the redirect URLs registered here are accepted, so the list should be exact, and the client secret belongs in configuration or a secret store, never in source control.
How is Authentication Taking Place? Continuing with the Blogger example: the user opens Blogger.com, lands on its login page and chooses to sign in with Google. The browser is redirected to Google, where the user enters his Google credentials; Blogger never sees the password. Google verifies the account and redirects the user back to Blogger's registered callback URL together with a token (we will discuss the token shortly, but for now think of it as a signed label that tells Blogger this user has been verified by Google and that Blogger can rely on that). Blogger validates the token and, trusting it, starts a session for the user.
OAuth is short for Open Authorization and is used for access delegation by means of tokens. With this delegation an application can access resources on a resource server on behalf of the user without the user re-entering credentials at that application. This is achieved with tokens issued by an authorization server (in practice often the same provider that acts as identity provider) with the user's consent. OAuth by itself is an authorization protocol: an access token proves that an application may act on the user's behalf, not who the user is.
OpenID Connect A complete sign-in solution needs both pieces, and their combination is OpenID Connect: an identity layer on top of OAuth 2.0 in which authentication is carried by a signed ID token (a JWT with claims such as iss, sub, aud, exp and nonce) and authorization is handled by OAuth 2.0 access tokens. The relying party must validate the ID token's signature, issuer, audience, expiry and nonce before trusting it.
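The exchange described above (user sent to the IdP, one-time code returned to the registered callback, code redeemed for an ID token, ID token checked before a session starts), as an added example that is not code from the original post or from Google. Both roles are simulated in one process: the IdP, client ID, client secret, issuer URL, redirect URL and user are all constructed values. The IdP here signs the ID token with HS256 keyed by the client secret, which OpenID Connect permits but which differs from Google, whose tokens are RS256-signed and must be verified against the keys Google publishes; the state, nonce, issuer, audience, expiry and single-use-code checks are the same either way.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# All of these are constructed for the example, not real Google values.
CLIENT_ID = "rp-client-id"            # assumption: client id issued to the relying party at registration
CLIENT_SECRET = b"rp-client-secret"   # assumption: client secret from the same registration
ISSUER = "https://idp.example"        # assumption: hypothetical identity provider
REDIRECT_URI = "https://rp.example/signin-callback"   # assumption: the registered callback URL


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(head_b64: str, body_b64: str) -> bytes:
    # HS256 keyed with the client secret (OIDC allows this; Google actually uses RS256 + JWKS).
    return hmac.new(CLIENT_SECRET, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()


# ---- Relying party side (the "Blogger" role) ----------------------------------

def build_authorization_request(session: dict) -> str:
    """Step 1: the RP sends the browser to the IdP. state and nonce are kept in the
    user's session so the callback and the ID token can be tied back to it."""
    session["state"] = secrets.token_urlsafe(16)   # CSRF binding for the callback
    session["nonce"] = secrets.token_urlsafe(16)   # replay binding for the ID token
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": "openid email profile", "state": session["state"], "nonce": session["nonce"]}
    return f"{ISSUER}/authorize?{urlencode(params)}"


def extract_code(callback_url: str, session: dict) -> str:
    """Step 3: the IdP redirected back. Refuse the callback unless its state matches the
    one this session sent; otherwise an attacker can make the RP consume their code."""
    query = parse_qs(urlparse(callback_url).query)
    got = query.get("state", [""])[0].encode()
    if not hmac.compare_digest(got, session.get("state", "").encode()):
        raise ValueError("state mismatch: callback not bound to this session")
    return query["code"][0]


def verify_id_token(token: str, session: dict, now=None) -> dict:
    """Step 5: validate the ID token before trusting anything inside it."""
    now = int(time.time()) if now is None else now
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(head_b64))
    if header.get("alg") != "HS256":               # pin the algorithm; never accept "none"
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    if not hmac.compare_digest(_sign(head_b64, body_b64), _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:             # a token minted for another client is not ours
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if not hmac.compare_digest(claims.get("nonce", "").encode(), session.get("nonce", "").encode()):
        raise ValueError("nonce mismatch: token not issued for this login attempt")
    return claims


# ---- Identity provider side (the "Google" role), kept in memory ----------------

_ISSUED_CODES = {}   # one-time codes the IdP has handed out


def idp_authorize(auth_url: str, user: dict) -> str:
    """Step 2: the user signs in at the IdP (never at the RP); the IdP redirects back with a code."""
    q = {k: v[0] for k, v in parse_qs(urlparse(auth_url).query).items()}
    if q["client_id"] != CLIENT_ID or q["redirect_uri"] != REDIRECT_URI:
        raise ValueError("unknown client or unregistered redirect_uri")
    code = secrets.token_urlsafe(12)
    _ISSUED_CODES[code] = {"user": user, "nonce": q["nonce"]}
    return f"{REDIRECT_URI}?{urlencode({'code': code, 'state': q['state']})}"


def idp_token_endpoint(code: str, client_secret: bytes, now=None) -> str:
    """Step 4: the RP redeems the code server-to-server and gets a signed ID token."""
    now = int(time.time()) if now is None else now
    if not hmac.compare_digest(client_secret, CLIENT_SECRET):
        raise PermissionError("client authentication failed")
    grant = _ISSUED_CODES.pop(code)                 # single use: redeeming it twice raises KeyError
    claims = {"iss": ISSUER, "sub": grant["user"]["sub"], "aud": CLIENT_ID,
              "email": grant["user"]["email"], "iat": now, "exp": now + 300, "nonce": grant["nonce"]}
    head_b64 = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body_b64 = _b64url(json.dumps(claims).encode())
    return f"{head_b64}.{body_b64}.{_b64url(_sign(head_b64, body_b64))}"


def login_flow(user: dict) -> dict:
    """Runs the whole exchange for one constructed user and returns the verified claims."""
    session = {}
    callback = idp_authorize(build_authorization_request(session), user)
    id_token = idp_token_endpoint(extract_code(callback, session), CLIENT_SECRET)
    return verify_id_token(id_token, session)


if __name__ == "__main__":
    print(login_flow({"sub": "1234567890", "email": "alice@example.com"}))
```

In a real relying party you would use the provider's own library or a JWT library that fetches the provider's JWKS; what the code shows is which checks must happen at the callback and on the token, and what each one defends against: state stops a forged callback, the single-use code stops replay at the token endpoint, and signature, issuer, audience, expiry and nonce stop a token from being reused for another client, another session or after it has lapsed.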
SAML is short for Security Assertion Markup Language and is an open standard for both authentication and authorization. It uses XML for all its messages, with the purpose of letting identity providers pass assertions about a user to service providers. In most real-world deployments the identity provider and the service provider are separate entities. For the two to work together in an SSO mechanism, some form of centralized user management is required, and this is where SAML assertions come in. An assertion can carry three types of statements:
- Authentication: states that the user was authenticated, at what time and by which method
- Attribute (also called a claim): a piece of data providing information about the user, such as a name, email address or group membership
- Authorization decision: states that the user is granted or denied access to a particular resource
Here is a practical test with Google SSO integration. First register your application in Google's developer console and obtain the client ID and client secret to use in your code. In the code, enable and configure the Google authentication handler with that client ID and secret; then on the login page list the available external login providers, start the external login when the user picks one, and handle the return to the callback URL.
Log in to the Google developer console with your Gmail/Google account: https://console.developers.google.com/
Enable and configure Google authentication in the service configuration of your startup.cs file (in ASP.NET Core this is the AddGoogle handler from the Microsoft.AspNetCore.Authentication.Google package; its default callback path is /signin-google, and that path on your site's URL is the redirect URL to register with Google).