Hello there!

Need Help? We are right here!

support
miniOrange Email Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

OpenID SSO


OpenID is a protocol designed for user authentication. OpenID is a standard added on the top of Oauth 2.0 (Authorization Protocol) framework which adds ID Token to access token in OAuth 2.0. OAuth and OpenID both act as Single Sign-On (SSO) standards.

OpenID must be in JWT(JSON) data format. One of the Key factors about OpenID is the ability to exchange and make use of information. This page contains detailed information about the OpenID endpoints that miniOrange exposes on its Authentication servers.



OpenID Single Sign On - OpenID SSO Authentication layers


How OpenID SSO Works?

OpenId is the Identity layer over the Base OAuth 2.0 Protocol. Identity is nothing but the Set of Attributes related to the Users. OpenID Identify the users with Specific Attributes sent by IdPs like Email. This Information is passed through the ID token and Signed with IETF JSON Web Signature. Another case of OpenID SSO is miniOrange acting as an IdP , to login into the OpenID application like native mobile applications running on Android and iOS , webapps .

OpenID Connect will redirect a user to an identity provider (IdP) to check the user’s identity, either by looking for an active session i.e Single Sign-On (SSO) or by asking the user to authenticate.

Once the IdP authenticates the user with SSO Session or valid Credentials and authorizes them to access a specific application, the IdP redirects back to that application. This redirection also passes information about the user back to the app confirming the user’s identity and that it can use to.

Components used in OpenID:


  1. Standards Scopes : OpenID,profile , emailAddress, Phone.
  2. Request Object (JSON) and Claims.
  3. ID Token : Info about authenticated user.
  4. UserInfo Endpoints : Contains Additional Info like Attributes and translates the Token.

Purpose of OpenID

  1. OpenID’s purpose is to give Single login for multiple sites.
  2. Secure Single Sign-On (SSO) Access.
  3. To send user Authentication information : OpenID contains an ID token which has the details about Authenticated User.
  4. It also contains access tokens in case more information has to be sent.
  5. To provide exceptional support for day to day web applications (javascript) and native mobile applications running on Android and iOS.

Who uses OpenID ?

Identity Providers like Google, Twitter, Facebook use this so that users can login in to the Identity Provider, and then access other apps and websites without having to sign in or share their login information.

How is miniOrange helpful in the OpenID SSO?

OpenID providers directly do not support SSO for all forms of applications. miniOrange can provide you with the broker service where you can connect to any application using your openID IdP login parameters.You can login into any cross platform application with OpenID identity.

You can configure your OpenID provider with miniOrange and can set all kinds of applications like react, node.js, SAML, Oauth, JWT, OpenID. Here miniOrange does the handshake between the openID provider and applications seamlessly. SSO using OpenID Provider , into all kinds of applications will be possible with miniOrange broker Service.



OpenID Single Sign On - OpenID SSO into any application


Difference between OAuth and OpenID

Oauth OpenID
OAuth grants access to your API, user data in other systems. OpenID Logs the user into the account and makes it available in other systems.
OAuth Authorizes the user with the resource OpenID Authenticates the User into the Service Provider.
the role to manage access to the resources is played by OAuth. OpenID provides you with an Identity Layer.
OAuth cannot differentiate between the user logged in as the two users can have the same access to resources. OpenID can differentiate between users logged in.

External References

  1. https://www.computerweekly.com/news/2240033602/What-is-OpenID-How-to-use-OpenID-SSO-in-your-organisation
  2. https://tudip.com/blog-post/openid-connect-authentication/

Get in touch with us

Make your buisness hustle free by reducing the buden of remembering multiple username and password. Reach out to our support, we would happy to assit you.


Our Other Identity & Access Management Products