...
CAS | OIDC | SAML 2 |
---|---|---|
Server | OP (OpenID Provider) ou Authorization Server | IDP |
Service | Client ou RP (Relying Party) | SP |
/login/ | authorization_endpoint | |
/serviceValidate /p3/serviceValidate | /token_endpoint | HTTP Artifact |
/userinfo_endpoint | Attribute Query | |
Paramètres : | ||
service | client_id & redirect_uri & state |
|
ticket |
| Artifact |
gateway | prompt=none | isPassive |
renew | prompt=login | ForceAuthn |
acr_values | AuthnContextClassRef | |
Un peu similaire : | ||
proxy ticket (valide une fois) | access token (valide un certain temps) | |
PGT | refresh token |
...
https://wiki.refeds.org/display/GROUPS/Mapping+SAML+attributes+to+OIDC+Claims
Implémentations OpenID Connect
Apereo CAS
NB : le userinfo_endpoint est /profile