What-is-the-Federated-Identity-Pattern

In federated authentication pattern , authentication code is separated out from app code and delegated to an authentication service so that authentication is no longer inside app code. Federation in technical parlance describes an attempt made by groups to delegate authority

In the simple login flow the authentication capability is INSIDE the service user is interacting with. The service will directly interact with user database for authentication .

This is

Less maitainable as authorization /authentication and the service cannot evolve separately .If the authentication technique changes or a security patch is rolled out then every service will get affected . Each service needs to provide identity management features.
Less secure as every service now has access to user credentials database.

Simple login

simple-login

Previously Oauth 2.0 + custom tweeks and now OAuth2.0 + OpenID Connect can be used to to move away from simple login to federated identity pattern.

Federated Identity pattern, Authentication is carved out as a separate service!

fed-identity

Once authencation is done the service can set a cookie to track user (very similar to simple login) .

	Nishant Anand I am technical architect with around 18 years of experience in telecom , banking and health care domain. I was part of the founding team of Drishti and currently CTO at affordplan
	Consult Send Query