Overview
Connect your application to Hanzo IAM using OAuth 2.0, OIDC, SAML, or CAS.
This section describes how to connect your application to Hanzo IAM.
When Hanzo IAM acts as a Service Provider (SP), it supports:
- OAuth 2.0 (OIDC)
- SAML
When Hanzo IAM acts as an Identity Provider (IdP), it supports:
- OAuth 2.0
- OIDC
- SAML
- CAS 1.0, 2.0, and 3.0
OAuth 2.0 (OIDC)
What is OAuth 2.0?
OAuth 2.0 is an authorization framework that lets applications obtain limited access to user accounts on an HTTP service. It delegates authentication to the service that hosts the account and authorizes third-party apps to access that account on the user's behalf. OAuth 2.0 defines flows for web, desktop, and mobile applications.
Hanzo IAM’s authorization flow is based on OAuth 2.0. We recommend OAuth 2.0 (OIDC) because it is straightforward to implement, covers many use cases, and is widely supported.
Your application can integrate with Hanzo IAM in three main ways:
Standard OIDC client
Standard OIDC client — Use any standard OIDC client library available for your language or framework.
What is OIDC?
OpenID Connect (OIDC) extends OAuth 2.0 with an identity layer. It lets users sign in once (SSO) at an OpenID Provider and access multiple relying parties. OIDC gives applications a standard way to obtain user identity and profile information.
Hanzo IAM is fully OIDC-compliant. If you already use another OIDC identity provider with a standard client library, switching to Hanzo IAM is typically a configuration change (e.g. discovery URL and credentials).
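The client side of that integration, as an added example rather than code from the Hanzo IAM docs or SDKs: a standard OIDC authorization-code request with PKCE built from the provider's discovery document, plus the callback check that rejects a mismatched state. The discovery document, hostnames and endpoint paths below are constructed placeholders; a real client fetches them from the deployment's .well-known/openid-configuration URL.

```python
import base64
import hashlib
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed discovery document for illustration only; a real client fetches
# <issuer>/.well-known/openid-configuration from the Hanzo IAM deployment.
DISCOVERY = json.loads("""{
  "issuer": "https://iam.example.com",
  "authorization_endpoint": "https://iam.example.com/oauth/authorize",
  "token_endpoint": "https://iam.example.com/oauth/token",
  "jwks_uri": "https://iam.example.com/.well-known/jwks",
  "response_types_supported": ["code"],
  "code_challenge_methods_supported": ["S256"]
}""")


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge (RFC 7636): BASE64URL(SHA256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_auth_request(disc: dict, client_id: str, redirect_uri: str) -> dict:
    """Build the authorization-code request; returns the URL plus the per-login
    values (state, nonce, code_verifier) the client must keep in its session."""
    if "code" not in disc.get("response_types_supported", []):
        raise ValueError("provider does not support the authorization code flow")
    if "S256" not in disc.get("code_challenge_methods_supported", []):
        raise ValueError("provider does not support PKCE S256")
    state = secrets.token_urlsafe(32)     # binds the callback to this browser session
    nonce = secrets.token_urlsafe(32)     # must reappear in the ID token
    verifier = secrets.token_urlsafe(64)  # sent only at the token exchange, never in the URL
    params = {
        "response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
        "scope": "openid profile email", "state": state, "nonce": nonce,
        "code_challenge": pkce_challenge(verifier), "code_challenge_method": "S256",
    }
    url = disc["authorization_endpoint"] + "?" + urlencode(params)
    return {"url": url, "state": state, "nonce": nonce, "code_verifier": verifier}


def code_from_callback(callback_url: str, expected_state: str) -> str:
    """Extract the code from the redirect back to redirect_uri, rejecting error
    responses and any callback whose state does not match the stored one."""
    q = parse_qs(urlparse(callback_url).query)
    if "error" in q:
        raise ValueError("authorization failed: " + q["error"][0])
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    return q["code"][0]
```

The returned code is then exchanged at token_endpoint together with code_verifier, and the ID token's nonce and signature (keys from jwks_uri) must be verified before the login is trusted.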
Hanzo IAM SDKs
Hanzo IAM SDKs — Hanzo IAM provides SDKs for many languages, built on OIDC and adding Hanzo IAM-specific features (e.g. user management, file upload).
Using an SDK takes a bit more setup than a generic OIDC client but gives you the most flexibility and the full Hanzo IAM API.
Hanzo IAM plugin
Hanzo IAM plugin — If your app runs on a supported platform (e.g. Spring Boot, WordPress), use the official or community plugin or middleware. Plugins are the fastest way to add Hanzo IAM to that platform.
Plugins:
Middleware:
SAML
What is SAML?
Security Assertion Markup Language (SAML) is an open standard that lets identity providers (IdPs) pass authentication and authorization information to service providers (SPs). Users can sign in once and access many applications. SAML uses XML for messages between the IdP and SPs.
Hanzo IAM can act as a SAML 2.0 IdP and supports the main SAML 2.0 features. See SAML for details.
Example: Hanzo IAM as a SAML IdP in Keycloak
When to use SAML: SAML is mature and widely used in enterprise SSO, but the protocol is large and has many optional parts. For new applications, OAuth 2.0 / OIDC is usually simpler; choose SAML when you must interoperate with existing SAML-based systems.
CAS
What is CAS?
The Central Authentication Service (CAS) is a web SSO protocol. Users sign in once and can access multiple applications. Web applications authenticate users via the CAS server without handling passwords directly.
Hanzo IAM supports CAS 1.0, 2.0, and 3.0. See CAS for setup.
Note: CAS is lightweight but limited in scope. Trust between the CAS client and server is established by interface calls rather than cryptographic signatures. For new projects, OAuth 2.0 / OIDC is generally preferred.
Integrations
For step-by-step examples of connecting specific applications to Hanzo IAM, see the Integrations section.