SAML vs. OAuth

Many people are confused by the difference between OAuth and SAML, but it's really not that complicated. There could be some overlap, but I will try my best to distinguish them for you in the simplest way possible.

SAML – stands for Security Assertion Markup Language. The shortest way to describe it is that it is single sign-on for users (enterprise users). It encompasses profiles, constructs and bindings to achieve Single Sign-On (SSO), Identity Management and Federation. It exchanges authentication and authorization data between a service provider and an identity provider.

OAuth – stands for Open Authorization. Put simply, it is API authorization taking place between applications. It allows secure authorization, in a standard and simple method, from web, desktop and mobile applications. It is not responsible for authentication; it acts as the standard for resource authorization.

What is the Difference Between OAuth and SAML?

1. The first difference between OAuth and SAML is the message format, also called the token.

SAML works with XML as its token format, or rather as its data construct, while
OAuth tokens can be JSON, SAML, or a binary format.


2. The second difference between OAuth and SAML is Transport.

OAuth exclusively uses HTTP for transport, while
SAML has bindings that use HTTP, such as the HTTP Redirect Binding, the HTTP POST Binding and others. SAML has no transport format restrictions: JMS, SOAP or other transports can be used to send messages or SAML tokens.

3. The third difference between OAuth and SAML is Scope.

OAuth was designed to be used with Internet applications, where its primary use was delegated authorization of resources on the Internet. Internet scale is what OAuth was designed for, while
SAML is typically used in scenarios involving enterprise SSO, even though its design is supposed to be openly applicable.
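
Added example, not from the original article: Python that tells the token formats above apart, recognising a JSON OAuth token response, a SAML assertion as raw XML or base64-encoded as the HTTP POST Binding carries it, and, going beyond the article's list, a JWT. The function names and sample values are constructed for illustration (the sample assertion is minimal, not schema-valid), and no signature is verified.

```python
import base64
import json
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed sample inputs, not real tokens.
SAML_XML = f'<Assertion xmlns="{NS}"><Subject><NameID>alice@example.com</NameID></Subject><AuthnStatement/></Assertion>'
OAUTH_JSON = '{"access_token": "constructed", "token_type": "Bearer", "scope": "read"}'

def _b64(text, urlsafe=False):
    """Decode base64 with padding restored; None when text is not base64."""
    decode = base64.urlsafe_b64decode if urlsafe else base64.b64decode
    try:
        return decode(text + "=" * (-len(text) % 4))
    except ValueError:
        return None

def _saml_details(xml_bytes):
    """Return SAML fields, or None for non-SAML input; DTDs are refused (entity expansion)."""
    if not xml_bytes or b"<!DOCTYPE" in xml_bytes:
        return None
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return None
    if "urn:oasis:names:tc:SAML:2.0:" not in root.tag:
        return None
    return {"subject": root.findtext(f".//{{{NS}}}NameID"),
            "authenticated": root.find(f".//{{{NS}}}AuthnStatement") is not None}

def classify_token(raw):
    """Return (kind, details). Inspection only: no signature is verified."""
    raw = raw.strip()
    if raw.startswith("{"):                  # JSON, e.g. an OAuth token response
        try:
            body = json.loads(raw)
            return "json", {"token_type": body.get("token_type"), "scope": body.get("scope")}
        except ValueError:
            pass
    saml = _saml_details(raw.encode() if raw.startswith("<") else _b64(raw))
    if saml:                                 # raw XML, or base64 as in the HTTP POST Binding
        return "saml", saml
    parts = raw.split(".")                   # JWT: header.payload.signature
    if len(parts) == 3:
        try:
            return "jwt", {"alg": json.loads(_b64(parts[0], True)).get("alg")}
        except (ValueError, TypeError, AttributeError):
            pass
    return "opaque", {}
```

The SAML result reports whether an AuthnStatement is present, while the OAuth result reports a scope, which mirrors the authentication versus authorization split described above.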

To conclude, OAuth is basically, or in simple terms, designed for authorization. SAML, on the other hand, has a range of “profiles” you can choose from, allowing different users to be able to log in to your website.

MLA Format :

“Difference Between SAML and OAuth -.” Something Is Difference. 27 May 2015. Web. 27 May 2015. <>.

