Comment by Roguelazer

Comment by Roguelazer a day ago

11 replies

I'm optimistic SAML will be dead soon. ActiveDirectory/EntraID/whatever Microsoft wants to call it now supports OpenID Connect. Okta, OneLogin, Google, and all the other post-turn-of-the-millennium IdPs support OIDC. Shibboleth is the last major IdP I know of that is SAML-only, and I haven't seen anyone using it in like 10 years. When I built enterprise SSO for my current company, we went OIDC-only and we haven't had a single customer who needed SAML.

jrochkind1 a day ago

> Shibboleth is the last major IdP I know of that is SAML-only, and I haven't seen anyone using it in like 10 years

Most universities are still using Shibboleth. And probably will be forever. I think Shibboleth influenced SAML, probably to its detriment.

  • Griever a day ago

    Yup, thankfully most federate through InCommon so it’s less painful than it used to be, but that’s not saying much.

zdragnar a day ago

Working in the health market, pretty much the only thing our customers support is SAML, and that's only among customers who have anything at all that can integrate with us.

  • koito17 a day ago

    Anecdotally, many American universities and academic journal sites still use Shibboleth. Thus, in the United States, SAML is far from dead, whether we like it or not.

Johnnynator a day ago

> Shibboleth is the last major IdP I know of that is SAML-only

Shibboleth has officially supported plugins for OIDC for some time now.

As others said, Shibboleth is still rather popular at universities and in higher education. OIDC will have a hard time setting foot there without the OpenID Connect Federation draft being finished and then implemented by the different metadata federations that exist (most national research networks manage one).

hirsin a day ago

Okta barely supports OIDC, I'm afraid. We have to use SAML with them because they don't support a reusable app model for OIDC (a "marketplace app" that multiple customers can use).

I'd love to add FastFed support for OIDC and be done with it but SAML still rules the world.

sk5t a day ago

> I'm optimistic SAML will be dead soon

Get used to disappointment.

riffraff a day ago

Isn't the shared identity login thingy (eIDAS) in the EU SAML-based?