top | item 41586778

(no title)

I'm optimistic SAML will be dead soon. ActiveDirectory/EntraID/whatever Microsoft wants to call it now supports OpenID Connect. Okta, OneLogin, Google, and all the other post-turn-of-the-millenium IdPs support OIDC. Shibboleth is the last major IdP I know if that is SAML-only, and I haven't seen anyone using it in like 10 years. When I built enterprise SSO for my current company, we went OIDC-only and we haven't had a single customer who needed SAML.

discuss

jrochkind1|1 year ago

> Shibboleth is the last major IdP I know if that is SAML-only, and I haven't seen anyone using it in like 10 years

Most universities are still using Shibboleth. And probably will be forever. I think Shibboleth influenced SAML, probably to it's detriment.

Griever|1 year ago

Yup, thankfully most federate through InCommon so it’s less painful than it used to be, but that’s not saying much.

zdragnar|1 year ago

Working in the health market, pretty much the only thing our customers support is SAML, and that's only among customers who have anything at all that can integrate with us.

koito17|1 year ago

Anecdotally, many American universities and academic journal sites still use Shibboleth. Thus, in the United States, SAML is far from dead, whether we like it or not.

Johnnynator|1 year ago

> Shibboleth is the last major IdP I know if that is SAML-only

Shibboleth has officially supported Plugins for OIDC for some time now.

As others said, Shiboleth is still rather pupular at Universities and higher Education, OIDC will have a hard time to set foot there without the OpenID Connect Federation Draft beeing finished and then Implemented by the different Metadata Federation that exist (most National Research Networks manage one)

hirsin|1 year ago

Okta barely supports OIDC I'm afraid. We have to use SAML with them because they don't support a reusable app model for OIDC (a "marketplace app" that multiple customers can use).

I'd love to add FastFed support for OIDC and be done with it but SAML still rules the world.

pquerna|1 year ago

Our app <https://www.okta.com/integrations/conductorone/> is in the Okta OIN ("marketplace") using OIDC? So not sure what you mean by that?

sk5t|1 year ago

> I'm optimistic SAML will be dead soon

Get used to disappointment.

riffraff|1 year ago

Isn't the shared identity login thingy (eIDAS) in the EU SAML based?