Multi Authentication Login
Different types of authentication methods exist. They use different protocols that have specific applications and provide various ways to authenticate clients. Billia is designed and constantly improved to support multiple types of authentication - OAuth2, OTP, etc. The newest player in the field, and Billia’s newest supported authentication protocol, is SAML.
What are authentication protocols?
Network authentication protocols transfer authentication data (e.g. information that proves identity) between an identity provider and a service provider. This way, the receiving entity can authenticate the connecting entity, and vice versa. A simple example of this connection is an end user (a Client) connecting to a server: the server checks the submitted information against the user’s existing record in the database and returns a reply of “authentication successful” or “authentication failed”, depending on the result.
Network authentication protocols provide a safe connection, secure storage and access to the authentication data. During the entire process of authentication, the protocols follow strict rules to ensure security and to protect against various attacks and third parties trying to gain unauthorized access to the data.
OAuth2 identity provider
Billia is an OAuth2 identity provider.
This means it can allow third-party applications to access its resources through OAuth2 and therefore provide access to users on various platforms.
OAuth is an open-standard authorization protocol that uses authorization tokens instead of sharing password data. This way it proves the identity between service providers and consumers.
What is SAML?
SAML stands for Security Assertion Markup Language. It is an open standard based on XML, and it is used to exchange authentication and authorization data between two or more parties, more specifically between an Identity provider and a Service provider.
SAML works with browser redirects. It authenticates end users to third-party systems by redirecting their browser to a company login page, which requires a successful authentication. Afterwards, the SAML protocol redirects the end user back to the third-party system to access it.
Identity provider vs. Service provider
Identity and service providers are key components in the network authentication process of SAML.
An Identity provider (IdP or IDP) is a system entity that stores, manages and verifies user information and identity. Whenever an end user clicks to log into a third-party system with a social media account (e.g. Facebook, Google, Twitter, etc.), that social media platform acts as a trusted Identity provider and authenticates the user to the other system. The chosen IdP verifies the credentials the end user enters against the copy in its own database and sends the result as a response to the application.
A Service provider (SP) in this case is that application: a third-party system that receives and accepts those authentication claims, because it offers the end user a service that they log into its system to use. When the IdP performs the authentication of the end user’s identity, it sends that data to the SP along with the user’s access rights for the service. If the authentication of the end user passes, then their identity is confirmed and they can log into the application.
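The browser redirect described above can be made concrete with SAML 2.0's HTTP-Redirect binding, in which the SP packs an AuthnRequest into the query string of the IdP's login URL. The following is an added example, not Billia's code; the endpoint URLs, entity ID and size cap are constructed placeholders.

```python
import base64
import urllib.parse
import uuid
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed placeholder endpoints (assumptions, not real Billia or IdP URLs).
IDP_SSO_URL = "https://idp.example.test/sso"
SP_ENTITY_ID = "https://sp.example.test/metadata"
SP_ACS_URL = "https://sp.example.test/acs"
MAX_XML_BYTES = 64 * 1024  # assumed cap on the inflated request size

def build_authn_request(request_id, issue_instant):
    """SP side: the AuthnRequest XML that asks the IdP to authenticate the user."""
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": issue_instant,
        "Destination": IDP_SSO_URL,
        "AssertionConsumerServiceURL": SP_ACS_URL,
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    return ET.tostring(root)

def redirect_url(xml_bytes, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw DEFLATE
    deflated = deflater.compress(xml_bytes) + deflater.flush()
    query = urllib.parse.urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode("ascii"),
        "RelayState": relay_state,
    })
    return f"{IDP_SSO_URL}?{query}"

def decode_redirect(url):
    """IdP side: reverse the encoding; return (request ID, issuer, ACS URL)."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    inflater = zlib.decompressobj(-15)
    xml_bytes = inflater.decompress(base64.b64decode(params["SAMLRequest"][0]), MAX_XML_BYTES)
    if not inflater.eof:  # truncated input, or output larger than the cap
        raise ValueError("SAMLRequest truncated or larger than MAX_XML_BYTES")
    # ElementTree keeps the example stdlib-only; use a hardened XML parser for untrusted input.
    root = ET.fromstring(xml_bytes)
    return root.get("ID"), root.find(f"{{{SAML}}}Issuer").text, root.get("AssertionConsumerServiceURL")

if __name__ == "__main__":
    req_id = "_" + uuid.uuid4().hex  # the SP stores this to match the response's InResponseTo
    print(redirect_url(build_authn_request(req_id, "2024-01-01T00:00:00Z"), "/dashboard"))
```

A signed request in this binding carries additional `SigAlg` and `Signature` query parameters, which this example does not produce or check.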