In my thesis I worked with three identity federation protocols, SAML 2.0, OpenID 2.0 and OAuth 2.0, and with a complete Identity and Access Management product named OpenIAM, which is able to use all three protocols. After the design phase I used Java to implement a service provider, an identity provider and a directory service. The directory service handles the data of the test user via LDAP v3 and is responsible for the authentication, which takes place in the OpenLDAP directory server. The complete system demonstrates the authentication and authorization workflow defined by each protocol. As a result, Single Sign On took place at the service provider with the federated identity. Another communication partner is OpenIAM, which I installed and configured to communicate with my federation endpoint over SAML; it serves as an additional identity source in the federation.
During my work I studied each protocol beyond the implementation, and as a conclusion I end my thesis by comparing and evaluating them. One dimension is the implementation cost, based on my personal experience; the other is the data transfer, which is more theoretical.