Morning; I have some issue with security terms and especially in Oauth2 and OpenID context.
To be more specific I can not understand the difference between Relying Party and Identity Provider.
I have this sentence "Since then, CA SSO 12.7 has been released with support for OIDC as an identity provider but not a relying party"
What's the difference between OpenID as Identity Provider and OpenID as Relying Party?
Based in what criteria are this scenerio deployed?
Thanks
The spec seems to call the identity provider "OpenID Provider" or "OP" representing the authorization server that issues tokens and verifies credentials of users and clients
The relying party is the client--the app that relies on the tokens and credential-validation of the OP
See: