Application Security foundation — LDAP and SAML

LDAP-based design:

  1. The LDAP identity provider and the application are in the same data center
  2. Identities are kept in the LDAP datastore (Microsoft AD) and accessed with the LDAP protocol (over TCP)
  3. Authentication is done by LDAP; authorization is done by the application

Limitations of the LDAP design:

  1. External users outside the company can't easily be added to the LDAP datastore
  2. Applications in other data centers can't query the LDAP identity provider
  3. The user's credentials have to be sent to the application itself

SAML-based design:

  1. Applications and the identity provider communicate across data centers (through HTTP redirect requests)
  2. SSO avoids re-entering the user credentials (e.g. the password)
  3. 'Trust' needs to be established between the SAML identity provider and the service provider
  4. Authentication is done by SAML (e.g. Active Directory Federation Services, ADFS); authorization is done by the application using the LDAP group

Limitations of the SAML design:

  1. The design does not fit microservices using REST APIs (setting up the trust between each application service and the identity provider is difficult)
  2. System-to-system authentication for scheduled tasks, with no user involved, is not covered
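As an added example (not from the original post), the service-provider-side checks that make the 'trust' in the SAML design concrete, followed by the application doing its own authorization from the LDAP group delivered as a SAML attribute. The IdP and SP entity IDs, the group attribute name and the group-to-role mapping are constructed sample values, and XML-Signature verification of the assertion with the IdP's certificate is assumed to have been done already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
# Constructed sample values: the trusted IdP, our SP entity ID, and LDAP-group-to-role mapping.
TRUSTED_IDP = "https://adfs.example.corp/adfs/services/trust"
SP_ENTITY_ID = "https://app.example.corp/saml/metadata"
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"
GROUP_TO_ROLE = {"CN=App-Admins,OU=Groups,DC=example,DC=corp": "admin",
                 "CN=App-Users,OU=Groups,DC=example,DC=corp": "user"}

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, expected_request_id, now):
    """Return the application roles granted by an already signature-verified SAML Response,
    or raise ValueError. XML-DSig verification is assumed to have happened upstream."""
    a = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if a is None:
        raise ValueError("no assertion")
    # Trust: only assertions issued by the federated IdP (e.g. ADFS) are accepted.
    if a.findtext("saml:Issuer", namespaces=NS) != TRUSTED_IDP:
        raise ValueError("issuer is not the trusted IdP")
    # Replay and relay defences: validity window, intended audience, binding to our request.
    cond = a.find("saml:Conditions", NS)
    if cond is None or not (parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    if SP_ENTITY_ID not in [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("assertion addressed to a different service provider")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("InResponseTo") != expected_request_id:
        raise ValueError("assertion does not answer our AuthnRequest")
    # Authorization stays with the application: map the LDAP groups to local roles.
    groups = [v.text for v in a.findall(
        f"saml:AttributeStatement/saml:Attribute[@Name='{GROUP_ATTR}']/saml:AttributeValue", NS)]
    roles = {GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE}
    if not roles:
        raise ValueError("authenticated, but no group grants access to this application")
    return roles

SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
<saml:Assertion ID="_a1"><saml:Issuer>{TRUSTED_IDP}</saml:Issuer>
<saml:Subject><saml:NameID>jdoe</saml:NameID><saml:SubjectConfirmation>
<saml:SubjectConfirmationData InResponseTo="_req42"/></saml:SubjectConfirmation></saml:Subject>
<saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
<saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
</saml:Conditions><saml:AttributeStatement><saml:Attribute Name="{GROUP_ATTR}">
<saml:AttributeValue>CN=App-Users,OU=Groups,DC=example,DC=corp</saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"""
```

The same assertion is rejected if it arrives for a different request ID or outside its five-minute window, which is what stops a captured response from being replayed against the service provider.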



Hanson Chiu