Wednesday, December 09, 2015

IdentityServer : Comparing IdentityServer to other Microsoft Identity products

I've just done a series of posts on IdentityServer 3 and I thought it would be a good idea to sum it all up.

I'm looking at the protocols supported for the purposes of comparison.



| | Identity Server 3 | Azure AD | ADFS 3.0 (2012 R2) | ADFS 4.0? (2016 vNext) |
|---|---|---|---|---|
| Authenticate against | In Memory, ASP.NET Identity, Membership Reboot (interface can be extended to any repository) | Azure AD Graph | AD | AD, LDAP v3, SQL Server |
| WS-Federation | Y (via Katana extension) | Y | Y | Y |
| SAML 2.0 | Y (via Katana extension) | Y | Y | Y |
| OpenID Connect | Y | Y | N | Y |
| OAuth 2.0 | Y (all profiles) | Y (all profiles) | Y (Authorisation Code Grant confidential client profile only) | Y (all profiles) |
| Social | Google, Twitter, Facebook (can be extended via Katana extension) | Azure ACS / B2C | Via federation with Azure ACS / B2C | Via federation with Azure ACS / B2C |

Azure ACS = Windows Live / Google / Yahoo / Facebook

Azure B2C = Facebook / Google+ / Amazon / Linkedin

As you can see, IS compares really well and offers a wider selection than ADFS 3.0.

See also: IdentityServer : The power of extensibility

Enjoy!

1 comment:

Unknown said...

I've recently weighed the costs of going with ADFS/Azure AD or Identity Server. Maybe good to point out with IS you can store your claim data wherever you want, but not so with ADFS. Doesn't help much when you need to adjust auth rights at runtime.