Authentication Protocols: LDAP vs Kerberos vs OAuth2 vs SAML vs RADIUS

Authenticating users to applications is probably one of the biggest challenges an IT department faces. A user needs access to many different systems, which is why authentication protocols are typically open standards; we introduce the five most commonly used ones here. Reading questions about the “correct authentication protocol” on Stack Overflow, such as ”Could you help me determine which authentication protocol I should use for the following use case?”, makes it pretty clear that this can be an overwhelming topic. TechRepublic and others have done a great job of summarizing the sheer chaos of providers and standards.


LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.

LDAP protocol


Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.

Kerberos authentication protocol

OAuth 2

OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean.

Source: DigitalOcean


Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee.

SAML authentication


Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.

RADIUS authentication protocol
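As an added example (not from the original post), a minimal Access-Request / Access-Accept exchange in Python that shows the two RADIUS mechanics a defender most needs to understand: the User-Password hiding from RFC 2865 section 5.2 and the Response Authenticator the client must recompute before trusting the reply. The shared secret, user table and Request Authenticator are constructed values; the server is a stand-in, not a real NAS or RADIUS implementation.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # packet codes, RFC 2865
USER_NAME, USER_PASSWORD = 1, 2                          # attribute types, RFC 2865

def hide_password(password, secret, request_auth, reveal=False):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block), chained from the Request Authenticator."""
    data = password + b"\x00" * (-len(password) % 16)   # NUL-pad to a 16-byte multiple
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        block = bytes(x ^ y for x, y in zip(chunk, hashlib.md5(secret + prev).digest()))
        out, prev = out + block, (chunk if reveal else block)  # always chain on the hidden block
    return out.rstrip(b"\x00") if reveal else out

def attr(atype, value):  # Type(1) Length(1, includes header) Value
    return struct.pack("!BB", atype, len(value) + 2) + value

def parse_attrs(blob):
    attrs, i = {}, 0
    while i + 2 <= len(blob):
        alen = blob[i + 1]
        if alen < 2 or i + alen > len(blob):
            raise ValueError("malformed attribute")
        attrs[blob[i]], i = blob[i + 2:i + alen], i + alen
    return attrs

def access_request(user, password, secret, ident=7, request_auth=None):
    """NAS side: Code(1) ID(1) Length(2) RequestAuthenticator(16) Attributes; returns (packet, request_auth)."""
    request_auth = request_auth or os.urandom(16)        # must be fresh and unpredictable
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs, request_auth

def server_respond(request, secret, users):
    """Constructed server: check the credential, reply with Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    request_auth, attrs = request[4:20], parse_attrs(request[20:length])
    given = hide_password(attrs.get(USER_PASSWORD, b""), secret, request_auth, reveal=True)
    ok = code == ACCESS_REQUEST and hmac.compare_digest(users.get(attrs.get(USER_NAME), b"\x00"), given)
    rcode = ACCESS_ACCEPT if ok else ACCESS_REJECT        # no reply attributes, so Length is the 20-byte header
    resp_auth = hashlib.md5(struct.pack("!BBH", rcode, ident, 20) + request_auth + secret).digest()
    return struct.pack("!BBH", rcode, ident, 20) + resp_auth

def client_verify(response, request_auth, secret):
    """Recompute the Response Authenticator before trusting the code; None means forged or tampered."""
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        return None
    expected = hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()
    return response[0] if hmac.compare_digest(expected, response[4:20]) else None
```

Because the password hiding is only an MD5 keystream XOR under a static shared secret, the strength of that secret and the protection of the transport carry the security of the whole exchange.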

So which one to choose?

Interestingly, most technology-enabled organizations use Google Apps for Business as their directory and SSO provider. It also supports OAuth 2.0 and the OpenID Connect endpoint, which allows you to build your own sign-in solution.

