6/7/2018

Authentication Protocols: LDAP vs Kerberos vs OAuth2 vs SAML vs RADIUS

Authenticating users to applications is probably one of the biggest challenges IT departments face. Users need access to many different systems, which is why authentication protocols are typically open standards. Here we introduce the five most commonly used ones. Questions on Stack Overflow about the “correct authentication protocol”, such as “Could you help me determine which authentication protocol I should use for the following use case?”, make it pretty clear that this can be an overwhelming topic. TechRepublic and others have done a great job of summarizing the sheer chaos of providers and standards.

LDAP

LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.

Figure: LDAP protocol

Kerberos

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.

Figure: Kerberos authentication protocol

OAuth 2

OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean.

Figure: OAuth 2 (source: Digital Ocean)

SAML

Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee.

Figure: SAML authentication

RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.

Figure: RADIUS authentication protocol

So which one to choose?

Interestingly, most technology-enabled organizations use Google Apps for Business as their directory and SSO. It also supports OAuth 2.0 and an OpenID Connect endpoint, which allows you to build your own sign-in solution.
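
The client side of an OAuth 2.0 authorization code sign-in of the kind mentioned above, as an added example rather than code from this article or from any provider. The endpoint, client ID and redirect URI are placeholder assumptions; the `state` and PKCE handling follow RFC 6749 and RFC 7636.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder assumptions: a real provider publishes its own endpoint and client ID.
AUTHORIZATION_ENDPOINT = "https://idp.example.com/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"

def b64url(data: bytes) -> str:
    """Base64url without padding, as PKCE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge for a PKCE code_verifier (RFC 7636)."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def begin_sign_in(scope: str = "openid email"):
    """Return (authorization URL, values to keep in the server-side session)."""
    session = {
        "state": b64url(secrets.token_bytes(32)),          # ties the callback to this session
        "code_verifier": b64url(secrets.token_bytes(32)),  # never sent in the redirect
    }
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,  # request only the limited access the app needs
        "state": session["state"],
        "code_challenge": pkce_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params), session

def handle_callback(callback_url: str, session: dict) -> dict:
    """Validate the redirect and return the token request body, or raise ValueError."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    returned = query.get("state", [""])[0].encode("utf-8")
    if not hmac.compare_digest(returned, session["state"].encode("utf-8")):
        raise ValueError("state mismatch: callback does not belong to this session")
    if len(query.get("code", [])) != 1:
        raise ValueError("missing or duplicated authorization code")
    return {"grant_type": "authorization_code", "code": query["code"][0],
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "code_verifier": session["code_verifier"]}
```

The dictionary returned by `handle_callback` is what the application would POST to the provider's token endpoint over TLS; the provider rejects the code if the verifier does not match the challenge sent earlier.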
