Sun OpenSSO Enterprise 8.0 Technical Overview

Using SAML v1.x or Liberty ID-FF

The Liberty ID-FF (as described in Using the Liberty ID-FF) and SAML v1.x should only be used when integrating with a partner that is not able to use SAML v2. SAML v1.x was designed to address the issue of cross-domain single sign-on. It does not solve issues such as privacy, single logout, and federation termination. The Liberty Alliance Project was formed to develop technical specifications that would solve business process issues including single sign-on, account linking and consent, among others.

The SAML v1.x specifications and the Liberty Alliance Project specifications do not compete with one another; they are complementary. In fact, the Liberty Alliance Project specifications leverage profiles from the SAML specifications. The decision of whether to use SAML v1.x or the Liberty specifications depends on your goal. In general, SAML v1.x should suffice for single sign-on basics. The Liberty Alliance Project specifications can be used for more sophisticated functions and capabilities, such as global sign-out, attribute sharing, and web services. The following table compares the benefits of the two.

Table 11–1 Comparison of the SAML v1.x and Liberty Alliance Project Specifications

| SAML v1.x Uses                                      | Liberty Alliance Project Uses              |
|-----------------------------------------------------|--------------------------------------------|
| Cross-domain single sign-on                         | Single sign-on only after user federation  |
| No user federation                                  | User federation                            |
| No privacy control, best for use within one company | Built on top of SAML                       |
| User identifier is sent in plain text               | User identifier is sent as a unique handle |
| Single log out                                      | Single log out                             |