Table 1. Comparing SAML 2.0 and OpenID Connect.
| SAML 2.0 | OpenID Connect | |
|---|---|---|
| Service Provider | Client libraries | Client libraries |
| Identity Provider | Identity Provider libraries | OpenID Connect Provider libraries |
| Attribute Provider | Attribute provider provides further detail to enrich SAML assertion Requires further step to populate assertion with user attributes |
OpenID Connect Provider The userinfo endpoint returns claims about the end-user |
| Attributes | SAML attributes | OpenID connect scopes |
| Discovery Service | Requires pre-agreed metadata | Single discovery service for client allowing sites & apps can validate your users |
| Privacy | Yes | JSON Object Signing and Encryption (JOSE) |
| Signing | Yes | JSON Web Token (JWT) |
| Mobile Apps | No, SAML web profile for web browser only | Both web browser & mobile apps |
| Support for SSO | Web SSO only | Yes |
| Form Rendering | Both client and identity provider | Normally Identity provider |