OpenID Connect

Why OpenID Connect is Relevant?

OIDC, published in 2014, is considered an improved protocol in terms of usability and simplicity, its development informed by experiences with SAML and OpenID 1.0 and 2.0. edugate_16_9

OIDC works on the basis of easy to consume identity tokens (JSON Web Tokens) which support a range of signature and encryption algorithms, making them ideal for the job of ID tokens. These JSON Web Tokens (JWT) are then delivered via the OAuth 2.0 authorisation protocol.

Against this backdrop, HEAnet are moving to add OIDC as a supported protocol within Edugate. It should be noted, however, that Edugate will continue to support SAML which we believe will remain a mainstay protocol for many years ahead. SAML continues to provide seamless single sign-on, with strong security and privacy controls. As such, it is likely that SAML and OIDC will co-exist side-by-side with IdP services running both protocols.

Other NRENs are also exploring support for OIDC in their respective federations. In this regard, HEAnet are leading a project task funded by the GÉANT Association which has the objective of establishing a federation trust model based on OIDC across a Pan-European (con)federation footprint.

HEAnet, together with other GÉANT Association contributors, are endeavouring to introduce Edugate support for OIDC by the close of 2017. We will keep you apprised of developments in this area.

For more information on this topic please contact the Middleware Team at: