Kerberos vs LDAP vs SAML

The context is the most important factor when deciding which technology to use. The XML-based messages used by SAML are bulkier and more verbose than the JSON-based messages used by OIDC. Kerberos is an authentication protocol that uses tickets to authenticate users to network resources. May 6, 2022 · Azure AD Kerberos does depend on users existing in an on-premises Active Directory environment, and these objects are synchronized using Azure AD Connect. 0 Identity Provider (IdP) can take multiple forms, one of which is a self hosted Active Directory Federation Services (ADFS) server. SAML. With an increase in sales, the company’s growth and complexity increase. The WSA sends an NTLM Challenge string to the client. You would typically use it for a web SSO (single sign on). An application can communicate with directory services such as Active Directory using LDAP (Lightweight Directory Access Protocol). It can accommodate other types of computing including Linux/Unix. LDAP, however, is typically used for accessing on-premises resources by installing a client on the user's device to connect with a directory service. The confidential, sensitive nature of government data needs the strongest security possible. Oct 21, 2021 · SAML is a standardised process to authenticate users into web applications over the web. Kerberos: Network Authentication Protocol. Feb 14, 2023 · The main differentiator between these three players is that OAuth 2. This means SAML provides a layer of interoperability among different systems and applications, even when the actual user directories are a different service. Choosing the standard best adapted to your use case, whether SAML, OpenID, OAuth, or LDAP, can be a challenge. Kerberos and LDAP are commonly used together (including in Microsoft Active Directory) to provide a centralized user directory (LDAP) and secure authentication (Kerberos) services. Authentication. . 
The Kerberos SSO daemon obtains a service ticket for the user and sends that ticket to the traffic management virtual server. The client requests an authentication ticket (TGT) from the key distribution center (KDC). Enable Kerberos/SPNEGO authentication in the realm with user data provisioned from LDAP. That means that OAuth 2. Delegation – Kerberos can delegate the client credentials from the front-end web server to other back-end servers like SQL Server. This requires a deeper understanding of the protocol and potentially more engineering resources. For more information, see the Kerberos section. Here are the most basic steps taken to authenticate in a Kerberized environment. LDAP and SAML SSO are as dissimilar as they come in terms of their spheres of influence. RADIUS is highly scalable, easier to integrate, and supports access control and accounting, but is less secure than Kerberos. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. While Kerberos is a ticket-based authentication protocol for trusted hosts on untrusted networks, Lightweight Directory Access Protocol (LDAP) is an authentication protocol for accessing server resources over an internet or intranet. SAML expands user credentials to include the cloud and other web applications. If you have a web application you would use SAML. While SAML is an identity provider, ADFS is a service provider. Also AD combines the two. In most cases, if you cannot decide May 6, 2024 · In addition, SAML uses XML digital signatures for message integrity and security, while OIDC offers a simpler and lighter approach, especially for developers familiar with JSON and RESTful application programming interfaces (APIs). While Microsoft as of yet doesn’t support cloud-only users for the new Kerberos functionality, this is a feature that will be coming soon. 
Scalability: Kerberos is a scalable protocol, making it suitable for large-scale deployments and high-traffic environments. It acts as a gateway, allowing applications to query, read, modify, or update user information stored within these directory databases. 2. In this Course LDAP is not open source, but it has open-source implementations such as Open LDAP. Kerberos is open-source software that provides free services. 4: LDAP supports two-factor authentication via the RADIUS protocol. Kerberos supports two-factor authentication. 5: LDAP adds two authentication methods, SASL or anonymous authentication. Kerberos adds high security and provides mutual authentication. 6: LDAP in multi-tier Toggle this switch to ON if you want new users created by Keycloak added to LDAP. In recent years, cloud-based and managed LDAP solutions emerged to streamline LDAP’s capabilities for organizations. However, it is quite rare – there are also much fewer integration possibilities for SAML Artifact Binding than OIDC. Oct 14, 2014 · NTLM (SSP) Credentials are sent securely via a three-way handshake (digest style authentication). Security: Kerberos is a more secure protocol than LDAP, providing strong encryption and authentication capabilities. Kerberos is a complex and heavy-weight protocol that requires a lot of configuration and administration. Jun 25, 2024 · SAML vs OAuth. SAML is used over the Internet. It is an open standard for access delegation. Apr 2, 2021 · Security Assertion Markup Language (SAML) is an open standard that attempts to bridge the divide between authentication and authorization. Security Providers. SAML authentication offers enhanced security and user experience over traditional LDAP providing businesses with a robust and agile authentication solution. Kerberos is used to manage credentials securely. User experience is a priority: Use OAuth. In this case, OAM/SP performs an LDAP lookup for a single LDAP user record whose value for the attribute specified in the mapping matches the value of the specified SAML Attribute. SSL vs SASL. In today’s digital landscape, security and authentication are paramount. It is open-source software that provides free services. 
A free implementation of this protocol is available from the Massachusetts Institute of Technology. These assertions contain the user's details (like their name and email), their authentication status, and their roles and permissions. LDAP offers a standardized way to access and manage directory services data. Now if you use Kerberos for authentication and LDAP for directory look-ups, and/or group-based authorization, then that is the Best Practice, as LDAP was originally designed per the RFCs as a directory lookup protocol only. In the Microsoft world, AD is the main player but if you want a "simple" AD, you can use ADAM / LDS that is essentially an LDAP. Allow Kerberos authentication. The “data” can be information about organizations, devices, or users stored in directories. It is a crossover between SAML and OAuth – the exchange of the SAML Response (the signed document) happens via the backchannel. Ease of Implementation. Preferably, and not really applicable here, you should be using SAML or OAuth. LDAP is used to authorize account details when they are accessed. The LDAP protocol provides authentication in the bind function. SAML activates single Sign On (SSO) for browser based applications. vriley. SAML enables exchange of security authentication information between an Identity Provider (IdP) and a service provider. OIDC calls the data Claims. You can configure your BeyondTrust Appliance B Series to authenticate users against existing LDAP, RADIUS, Kerberos, or SAML servers, as well as to assign privileges based on the preexisting hierarchy and group settings already specified in your servers. However, Kerberos is still considered more convenient despite its complexity, while LDAP is regarded as more tedious due to some of its disadvantages. That way, you can be certain that data stays private. SAML vs. Labora A SAML Attribute from the Assertion, mapped to an attribute in the LDAP user record. 
During user authentication, LDAP binds to the directory service SAML uses encrypted XML documents called assertions to represent user data. Dec 21, 2020 · Performance – Kerberos caches information about the client after authentication. Kerberos is used in an enterprise LAN typically. Sep 19, 2023 · Sep 19, 2023. The notable differences are: SAML can authorize as well as authenticate. 3. Single Sign-On: Kerberos supports Single Sign-On (SSO), which makes it more user Jun 16, 2021 · LDAP was created mainly for authentication to systems and applications. Although there are key differences between SAML and 10. LDAP, however, is an underlying server through which other protocols can authenticate users SAML is a lot more complicated than LDAP authentication, which is very straightforward (no Kerberos tokens). SSPI authentication, which uses a Windows-specific protocol similar to GSSAPI. May 16, 2023 · Kerberos is used for network authentication, while RADIUS is used for network access control. SAML is an umbrella standard that covers federation, identity management and single sign on (SSO). However, there are some key differences: Authentication: Both technologies support authentication. SAML can be used to authenticate a user, giving them access to an application, while OAuth can be used to set user privileges in applications and services in a network. Cliffe Schreuders at Leeds Beckett University. A SAML 2. SSL is done at the transport layer and it is normally transparent to the underneath protocol. Lightweight Directory Access Protocol, or LDAP, is a software protocol that enables an entity to look up data stored on a server. Work Flows. Lightweight Directory Access Protocol (LDAP) is plaintext authentication and not secure, especially over the internet. Data is stored in a hierarchical structure LDAP is a directory service (think of as a specialised database) while Kerberos is an authentication mechanism (a sophisticated credentials store at its heart). 
LDAP is the protocol used by servers to speak with on-premise directories. Jun 27, 2022 · Nevertheless, performing authentication is up to the identity provider. 5. Lightweight directory access protocol (LDAP) is a protocol, not a service. 🚀 In a nutshell, SAML fuels web SSO, AD is a comprehensive identity solution for Windows, and LDAP is a protocol for directory data access. SAML calls the application or system the user is trying to get into the Service Provider. Apr 8, 2022 · Both the authentication protocols serve a similar function to connect users and allow them to access the requested resource. Here’s what else to consider. answered Mar 5, 2020 at 17:50. NTLM can be slower than Kerberos due to its use of more complex authentication mechanisms. Naturally, LDAP is primarily concerned with making on-prem authentication and other server processes. 4. Kerberos Mar 18, 2023 · It is called as OAuth 2. Oauth vs. It is an authentication protocol that uses secret key cryptography to authenticate users for client/server applications and is suitable with all operating systems. Identity security describes the proactive approach to safely controlling user and system information that is used to authenticate and authorize user identities for access to secure resources. It is an essential aspect of the identity and access management (IAM) space and serves as the cornerstone for security in any organization. The third LDAP version has support for three authentication types: SASL, simple Apr 7, 2024 · Complexity: Setting up and configuring SAML can be a more involved process compared to OIDC. SAML uses the Single Sign-On (SSO) technology to authenticate a user once and then use that authentication over multiple applications. To help organizations make an informed decision, we outline the typical use cases for each. The most commonly used authorization and authentication protocols are Oauth 2, TACACS+, RADIUS, Kerberos, SAML, and LDAP/Active Directory. 
It is an authentication protocol used by service providers to authenticate a user. SAML vs OAuth is an extensive topic. What Is Lightweight Directory Access Protocol (LDAP)? LDAP … Continued The post SAML SSO vs LDAP: Differences & Definitions Explained appeared Apr 20, 2022 · Moreover, there is also a flow called SAML Artifact Binding. You have to wrap it in SSL (LDAPS) to make it secure. SAML is just a standard data format for exchanging authentication data. 0 is used in different situations, but it can be LDAPS enables the encryption of LDAP data in transit between server and client, preventing credential theft. SAML is strongly encryption-backed; OAuth is weak due to encryption’s absence. Aug 15, 2022 · LDAP vs SAML: Differences. May 12, 2023 · While OAuth is used for access authorization, SAML and OpenID Connect are used for user authentication. While both protocols are great tools for user identity management, they differ in their use cases. Dec 17, 2016 · The PDP then issues a SAML authorization assertion stating whether the client is allowed access the resource. OpenID is that Oauth is a framework that controls authorization to protected resources like applications or groups of files. The most common way SAML sends the Mar 25, 2023 · Single Sign-On (SSO) provides a solution to address these limitations. 0. It's a crazy world out there! Nov 25, 2023 · LDAP provides one-way authentication, meaning that only the client verifies the server’s identity. JWT (JSON Web Token) tokens are based on JSON and used in new authentication and authorization May 6, 2021 · A big difference between OpenID Connect and SAML is the use of “front-channel” and “back-channel”: The front-channel is the browser; The back-channel is communication directly between the application and the IDP/OP. It's used commonly in protocols like SAML-P, WS-Trust and WS-Federation (although not strictly required). 
Typically this is used to access an authentication server such as a Kerberos or Microsoft Active Directory server. Compared to OIDC, SAML is far more complex to implement and requires in-depth knowledge of XML, XML digital signatures, and digital Mar 5, 2020 · If you have LDAP implemented, you can add OAuth 2 to give a user (or application), access to your resources (depending on the rules in the LDAP directory) and provide her with a token that must be sent by the user on each request. SSO is a user authentication application, while LDAP is the underlying protocol. Aug 18, 2022 · Kerberos vs LDAP. It is used for authentication user credential as on Server Side. Mobile and consumer applications: Use OAuth. Mar 31, 2015 · A better alternative is to use a protocol to allow devices to get the account information from a central server. Kerberos is the preferred form of authentication if active directory is your identity tree. Various Windows systems and Active Directory (AD) services have been Jan 28, 2022 · A major difference that is easy to miss between the concepts of SSO and LDAP is that most common LDAP server implementations are driven to be the authoritative identity provider or source of truth for an identity. Confusingly, OAuth2 is also the basis for OpenID Connect, which provides OpenID (authentication) on top of OAuth2 (authorization) for a more complete security solution. The following table summarizes some of the differences and similarities between these three protocols. Dec 21, 2017 · Once the LDAP client has successfully authenticated itself to the LDAP server, any subsequent client-to-server requests will be recognized by the server as “legitimate” and access will be granted. OpenID Connect is an authentication standard that runs on top of OAuth 2. Definition. 
Identity providers, like Microsoft Entra ID, verify users when they sign in, and then use SAML to pass that authentication data to the service provider that runs the site, service, or app that the Jan 4, 2024 · The Rise of SAML: Practical Advantages Over LDAP for Enhanced Security. SAML is the underlying technology that allows people to sign in once using one set of credentials and access multiple applications. Although SAML defines back-channel mechanisms, they are rarely used in practice. In contrast, AD provides a database and services for identity and access management (IAM). May 14, 2010 · On the flip side, SAML supports authorization too. Security Provisions 5. In that time, the protocol has expanded and evolved to meet changing IT environments and business needs. LDAP is an interface for communicating with directory services, such as AD. The protocol was initially developed by MIT in the 1980s and was named after the mythical three-headed dog who guarded the underworld, Cerberus. Other options Nov 9, 2022 · SAML SSO vs. Remote Authentication Dial-in User Service (RADIUS) RADIUS is a client-server protocol that provides users with a centralized authentication, accounting and authorization management system. The password is NEVER sent across the wire. Since SAML only handles the information exchange between the Identity Provider and the Service Provider it allows the developer to choose how the users authenticate. It’s important to understand these are not competing protocols. This means that it can perform better than NTLM particularly in large farm environments. Both of them provide authentication, data signing and encryption. With Kerberos and LDAP having different complexity levels, the final Sep 20, 2021 · The main difference in LDAP vs Active Directory is that while both LDAP and Active Directory are used for querying user identity information, AD contains a complete network operating system with services such as DNS, DHCP etc. 
SAML mainly looks like ready to work tool while both OAuth and OpenID Connect are more like specifications – describing particular flows – which could be further OAuth vs Kerberos LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. Not everything is compatible with Kerberos, so you may find that some of the devices you’re authenticating to cannot use this Kerberos functionality. Still, we go through both methods to help clear up the differences and help you decide which to use. LDAP is ideal for situations where you need to access Jul 5, 2012 · 37. It is not open-source but it possesses implementation such as Open LDAP which are open-source. This post covers everything you need to know about LDAP, from its Difference between Kerberos and NTLM. That part is fairly simple to move over to SAML. OAuth vs. In order to access the system today you need to successfully authenticate with LDAP and be a member of a specified LDAP group. LDAP is used for authorizing the details of the records when accessed. Jun 24, 2024 · What is LDAP. User Experience. This is one of the most complicated areas to Comparative Analysis: SAML Versus LDAP 1. The protocol runs in the application layers and comes into play when a dial-in user requires access to a network resource. You should avoid ldap when possible. The NTLM process looks as such: The Client sends an NTLM Negotiate packet. SAML enables identity federation, making it possible for identity providers (IdPs) to seamlessly transfer authenticated Jun 15, 2017 · SAML describes the exchange of security related information between trusted business partners. LDAP communicates with directories using a Jun 26, 2018 · This authentication mainly uses Kerberos. 
Single Sign-On (SSO) is an authentication mechanism that allows users to access multiple applications or systems with a single set of login credentials. OpenID Connect and SAML, on the other hand, are industry standards for federated authentication. The SSO feature in SAML provides a significantly better user experience by reducing repeated login prompts, unlike LDAP. Lightweight Directory Access Protocol (LDAP) is a protocol used for accessing and maintaining distributed directory information services over an IP network. The differences in these standards and their roles in authentication and authorization are While considered safer and more robust, Kerberos is significantly more complex to configure and in its protocol than LDAP. Aug 11, 2021 · The Ultimate Guide. OpenID vs. Dec 27, 2019 · SAML is definitely the hardest to implement but offers great flexibility. In summary, SAML and LDAP have distinct roles in the world of identity and access management. It performs better on mobile, and consumer login sessions tend to be shorter. Be the first to Uses tokens to grant access which can be removed by a user. May 30, 2024 · Active Directory is a Microsoft product used to organize IT assets like users, computers, and printers. Authentication and authorization protocols ensure secure and efficient service access. It's also true that SSL and SASL are kind of providing similar features. Ident authentication, which relies on an “ Identification Protocol ” service on the client's machine. Dive into the practical advantages of SAML for modern enterprises. Because of this, Oauth 2. Kerberos is more secure, supports single sign-on, and is cross-platform, but is limited in scalability. As a result, you need to use SAML in tandem with LDAP or RADIUS protocol to verify the user credentials against data in the identity provider. LDAP is used to talk to and query several different types of directories (including Active Directory). 
LDAP is an application protocol used by programs to search up information from a server, whereas LDAP is an application protocol used by applications to seek up information from a server. There are other methods that can provide single sign-on, such as SAML, or smart cards, or even cloud-based single sign-on services, but Kerberos is certainly one of the most popular you might find. Each has its own use cases, advantages, and Feb 24, 2023 · Kerberos and LDAP are both authentication protocols, but they have several important differences that we'll discuss in this video. SAML is a communication link that uses extensible Sep 27, 2023 · Best Use Cases for SAML vs. It performs better on mobile. 0 is used in fundamentally different situations than Sep 24, 2019 · Kerberos. OAuth does authorization only. SAML provides one-way or two-way authentication, meaning that the SP can optionally verify the user’s identity. LDAP can be challenging to parse out. Identity management for a government application: Use SAML. Jul 1, 2015 · IPA does not provide a "MS Windows AD-like" solution, rather it provides the capability to setup a trust relationship between an Active Directory and a IPA domain, which is a Kerberos REALM, actually. Federation is a concept whereby users from company A can authenticate to an application on company B but Jul 8, 2022 · Hello everyone. It is not open source, but it has an implementation such as Open LDAP, which is open source. An essential feature of SAML is that it can encrypt all sent data. It does everything OAuth does but adds identity verification and profile information on top of the authorization code flow. In this article, we will see about Single Sign-On (SSO) and the 2 protocols which are widely used for SSO namely SAML and OAuth2. Oct 25, 2021 · Kerberos is also available in many commercial products. Both are token-based, but their tokens are known by different names. OIDC transmits user data in JSON format. 
Nov 9, 2022 · Obviously, they aren’t the same technologies, but an organization can deploy LDAP with SAML or OpenID Connect SSO to support more robust authentication. With regards to some of the security features that you can use out of the box with IPA not present in a standard LDAP installation, or a LDAP Jun 10, 2024 · The difference between SAML and LDAP is that SAML is designed for cloud-based connections using only an IdP and SP to communicate user data. LDAP. Last year I wrote an extension for Expression Engine that used SimpleSAMLPhp to authenticate users against a Kerberos backend, then lookup authorization rules from an LDAP system. Together, they form a powerful duo that enables seamless authentication and efficient data management. Encryption. (On local Unix-socket connections, this is Jun 10, 2024 · The difference between LDAP and Active Directory is that LDAP is a standard application protocol, while AD is a proprietary product. Use LDAP for: Linux devices, NAS devices/file servers, technical applications, on-prem applications. The confusion comes as you can authenticate (bind) against LDAP and even hand over authentication to a Kerberos realm. Apr 26, 2024 · The primary difference between SAML vs. SAML calls the user data it sends a SAML Assertion. When reading about the Kerberos protocol, you’ll frequently see mentions of Lightweight Directory Access Protocol (LDAP). Mar 20, 2024 · Advantages of Kerberos. SAML is the older format and is based on XML. And on the IDP we can add a claim to authorize the user. By contrast, OAuth2 is an open standard for authorization. This tells the WSA that the client intends to do NTLM authentication. The use of an LDAP query that contains data from the SAML Assertion: The LDAP Apr 22, 2021 · But, there are three main differences: SAML transmits user data in XML format. Third protocol of our guide RADIUS vs LDAP vs Kerberos – Examples for Each Use Case is Kerberos. 
In LDAP, different applications or systems don’t interact or share authentication credentials. SSO: SAML is a security protocol used for identity authentication, while SSO is a type of single sign-on that allows access multiple services with a single login. It's designed to provide secure authentication over an insecure network. Depending on the requirements, a company may use one or all of these data security protocols to keep their data safe. Security Assertion Markup Language, or SAML, is an open-standard identity management protocol commonly used for single sign-on (SSO), which allows users to share the same credentials across different services and applications. Most often with SAML implementations, it is not the case that the SAML service is the source of truth, but rather it often acts as a May 16, 2024 · LDAP single sign-on also lets system admins set permissions to control access the LDAP database. Sep 29, 2021 · The Biggest Difference. SSO enables users to authenticate once and gain access to multiple applications Apr 6, 2014 · The first is authentication. LDAP is more about storing and managing user information. We've utilized a library to handle most of the dirty work. Kerberos can be faster than NTLM due to its use of lightweight tickets and efficient caching. Dec 17, 2022 · Both SAML and JWT are security token formats that are not dependent on any programming language. Is SSO possible with LDAP? Yes, SSO is possible with LDAP as many providers support LDAP for SSO. 0 is a framework that controls authorisation to a protected resource such as an application or a set of files, while OpenID Connect and SAML are both industry standards for federated authentication. May 16, 2023 · 8. 1. Whereas ADFS is focused on Windows environments, LDAP is more flexible. Know that you can also use one without the other. Now, it is mainly used for authentication to networks and network resources. Oct 9, 2023 · The Bottom Line. 
Contrarily, RADIUS only encrypts the password. LDAP Aug 6, 2020 · LDAP is flexible and customizable, which is powerful, but it is notoriously difficult to configure and administer. Read the full post: https:/ May 2, 2023 · The Kerberos SSO daemon contacts the Kerberos server and obtains a ticket-granting ticket (TGT) allowing it to request service tickets authorizing access to protected applications. It uses JSON Web Tokens (JWT), and an authentication event will contain an ID token, to provide identity information of It is named Kerberos. Mar 14, 2024 · 💬 SAML facilitates communication between an identity provider and a service provider. For nearly 3 decades, organizations have been using the LDAP (Lightweight Directory Access Protocol) for user management, attributes, and authentication. SAML and OAuth can be used interchangeably and at the same time. Kerberos requires that the user it is authenticating is in the kerberos domain. Kerberos vs. If you need to use LDAP make sure you're encrypting the communication. It's true that SASL is not a protocol but an abstraction layer. Kerberos requires that the user it SAML defined. Single Sign-On (SSO) SSO is an authentication process that allows a user to log in to multiple applications or systems with just one set of login credentials, such as a username and password. OAuth is an open authorization standard. SAML simplifies the login process with SSO, while LDAP acts as a central database of user information. Bulkier messages: SAML messages are XML-based The user accesses the remote application on an intranet, a bookmark, or similar and the application loads. May 23, 2024 · Learn more about NinjaOne Protect, check out a live tour, or start your free trial of the NinjaOne platform. The key distribution center (KDC) verifies the credentials and sends back a Feb 4, 2024 · LDAP: Lightweight Directory Access Protocol. OpenID Connect (OIDC) was created in early 2014. 
Organizations, big and small, need robust mechanisms to ensure that only authorized users can access their May 30, 2016 · OAuth2. Feb 16, 2023 · OpenID Connect (OIDC) is an authentication protocol and an identity layer built on top of OAuth 2. In contrast, LDAP does not have any of those functionalities. Eliaquim Tchitalacumbi. Sep 13, 2017 · Users must always manually enter username/password while with Kerberos they do not have to do this. AD’s scope spans beyond authentication. Kerberos Server. Jul 19, 2021 · Kerberos, at its simplest, is an authentication protocol for client/server applications. RADIUS, on the other hand, was initially created for low-bandwidth conditions across networks to authenticate dial-up users via modems to remote servers over telephone lines. Understanding LDAP plays an essential part in getting to LDAP is really designed for directory lookups. RADIUS: Remote Authentication Dial-In User Service. Kerberos is a network authentication protocol. SAML comes with pre-defined security features, making it easier to implement, particularly in cloud-based architectures. May 29, 2024 · Kerberos, SAML, OAuth, and OpenID Connect (OIDC) are all authentication and authorization protocols used to secure access to systems and services. Jan 21, 2021 · This video is part of the computer/information/cyber security and ethical hacking lecture series; by Z. OAuth can be used for API access, OpenID Connect for user authentication, and SAML for single sign-on enterprise applications. ADFS (an IDP) sits on top of these and provides a federation layer. Kerberos is available in many commercial products as well. It integrates with most Microsoft Office and Server products.