Norton Secure Login

 View Only

Symantec is now a certified OpenID Connect Provider 

Dec 02, 2016 05:19 PM

If you have ever worked on a crucial web service, you know that one obstacle to expanding the service is user account management and authentication services.  The days of creating a simple MySQL with PHP frontend page will not cut it anymore in any enterprise space.  The security is too limited, the asset is too valuable, and the risk is too high.  However, an investment in a custom identity solution is complex, costly, and takes away time from focusing on the core product features.  Imagine if each team at Symantec provided a different login account and mismatching experiences for each product.  This is where Norton Secure Login fits in, and why OpenID Connect certification matter to teams with user information.

170px_k-certified-image.pngNorton Secure Login (NSL) is an Identity Provider that provides a simple, secure, and centralized way to authenticate users.  We provide an infrastructure for identity management for millions of users across various Norton brands (Norton Security, Norton Mobile Security, Norton Online Family, Norton Identity, and more), Symantec’s EPMP, and even upcoming products like Norton Core.  To date NSL has used  SAML2.0 protocol, an industry standard for the past decade, to handle these communication traffic loads.  The protocol has become more complex and expanded to accommodate new needs that were not accounted for at the onset. In mid-2015, when Ilya Sokolov presented OpenID Connect protocol to the team as the next step, we were excited to make it happen.  After a year of hard work, the NSL team is proud to announce our certification as an OpenID Connect Provider.  More importantly for you, below, we outline what the protocol offers its adopters:

Simplicity – SAML2.0 protocol uses XML and data compression to minify the message.  This makes it difficult for our clients (Service Provider or Relying Party) to understand why a request failed, and even more difficult to debug a problem without reading the lengthy  SAML 2.0 spec.  OpenID Connect does away with tags and replaces it with JSON schema, thus providing more concise data for developers to examine and identify problems.  The protocol also shifts public details and metadata content from the message to the provider’s metadata end point in human readable form.

Performance – Those who have worked with SAML2.0 protocol understand that a basic SAML2.0 can be quite large.  Currently, a simple request is more than 800 characters and the encrypted response is over 12,000 characters.  OpenID Connect starts with a mobile-first mindset and removes redundant specifications.  In addition, it uses JSON schema and relies on RESTful APIs to make the messages smaller.  As a result, the same request and response in OpenID Connect protocol  is under 3500 characters of uncompressed text.  This is a message size reduction of almost 75%  compared to SAML2.0 protocol!

350px_k-message-size.png Resilience – OpenID Connect is built on top of OAuth2.0 protocol, but extended to provide a standard with flexibility.  One way it achieves this is by creating a separation of concerns, where one end point (URL) is for authentication and authorization (i.e., log in users), while other end points are for other services (e.g., retrieve user’s data).  These end points work together using a token system, where a JSON Web Token (JWT) is used in exchange for the authorized user’s information.

Beyond OpenID Connect Provider certification, the NSL team has also developed a Java client library that your web service can leverage to use OpenID Connect protocol.  This library provides a configuration-based Java Servlet filter that handles a user authentication and session.  If your project is currently authenticating with NSL (at URL), we strongly encourage you to consider this upgrade.  Many prominent identity providers like Google, Microsoft, and Amazon have seen the benefits and have become certified OpenID Connect Providers in the past 18 months.  If you have any questions or want to us know what you think, just shoot us an email.  We welcome and appreciate your feedback.  Even better, visit us in-person! We have team members in the west coast (Culver City, Mountain), east coast (Cambridge), or  India office (Chennai).

0 Favorited
0 Files

Tags and Keywords


Jan 13, 2017 06:53 PM

Este es  un desarrollo interesante y será interesante ver cuántas compañías se trasladan a OpenID a medida que se desarrolla. Estamos en una posición en la que no necesariamente tenemos una opción, cambiando de puesto depende de lo que el proveedor genera compatibilidad. es un gran paso para globalizar la web esperemos que se logre desarrollar de buena manera.

Jan 12, 2017 09:50 AM

glad to see that Symantec has added this to their portfolio. but why did it take so long to become an OpenID provider. The more you can do to be secure the better.

Jan 12, 2017 03:22 AM

Its good to see that Symantec is now a certified OpenID Connect Provider, paving the way so others have to catch up. I currently have no plans to implement but its good to know I could easily.

Jan 09, 2017 05:58 AM

Congratulation Symantec for this Technology...

Hope for the good support.

Jan 09, 2017 04:15 AM

Congratulations to Symantec to cross one more mile in IT Security.
Now we can see what more comes in our way and what all products they will integrate or allow us to interate through OPEN ID. OpenID Connect’s goal is to be much more developer-friendly, while expanding the set of use cases where it can be used. It has already been successful in this; there are production deployments operating at huge scale. Any programmer with sufficient experience to send and receive JSON messages over HTTP (which is most of them these days) should be able to implement OpenID Connect from scratch using standard crypto signature-verification libraries.

Jan 05, 2017 02:30 AM

Dont you think that in the open world....everything is going to be open in recent days.....standards, technology, integrations etc need the help of other and hence the word OPEN coming into picture. Congratulations to Symantec as its entering into this. Looking forward for more OPEN ID certifications which will pave way for more simplified life. Finally 's that kind of pride that the OpenID Connect authors should feel from the OpenID Foundation's latest announcement, which describes a comprehensive conformance testing suite along with a self-certification program that vendors can use to assure their compliance with the OpenID Connect standard.

Dec 30, 2016 10:27 AM

I have build few web-services, though, I usually rely on windows integrated authentication. Mainly because I use ASP.NET with IIS, which makes it a bit simpler for decoupling authentication and authorization (at least to an extent). I can imagine that it is not an easy task if you have a web service that is suppose to handle identity management as well, hence, based on what I've read about Connect ID it does seem like a good product that can ease that part of the task. I will be sure to try it if I ever need to develop something that will server clients that won't be Windows OS only.

Dec 30, 2016 05:02 AM

Many Congratulations to Symantec for this new ...!!!

Happ to see that Symantec is now a certified OpenID Connect Provider.

below are already OpenID Connect providers are -

Hope Symantec will able to provide better service than these provided 

Good Luck again

Dec 27, 2016 11:25 AM

Contar con este proceso tan simple. Hay mucho por hacer, pero es un proceso muy transparente  para el usuario final y todo sucede en pocos segundos, agil. Norton ha hecho un gran trabajo con la integración de sus productos y estoy emocionado de verlo en acción para Symantec. Es una de las marcas mas reconocidas en sistemas de antivurus para hogar. 

Dec 21, 2016 01:28 PM


Nice to see that Symantec is now a certified OpenID Connect Provider..!!!

Interesting to read that they are working with a competator in Norton! 

Dec 21, 2016 11:37 AM

This speaks volumes to Sym's presense as a forward thinker.  In my experience, many security companies are slow to adopt technology outside of their specific wheelhouse so this is great to see.  I hope other vendors take a hint :)

Dec 21, 2016 09:22 AM

This is great news.

I'm glad Symantec has finally done this.

Now lets see how I can use it with some apps

Dec 20, 2016 03:47 PM

That's great news, glad you guys are doing everything you can to be more secure. Hopefully, OAuth 2.0 will help eveyone out as this and other features look to be a big improvment! Look slike you might be the first big security company to jump on this, too!

Dec 20, 2016 09:39 AM

So I'm going to be a bit of negative nelly here... Why did it take Symatnec so long to become an OpenID provider?  I already authenticate to almost everything via Google and what I don't leverage Google for I use Facebook Connect.  

Who is going to leverage Norton as an OpenID provider?  Are people really going to redo their sites to support Norton OpenID?

Look I get it as an option for VIP to login, but you guys are late to the game.  Unless someone can prove me wrong

Dec 20, 2016 08:29 AM

Proves that Symantec continues to be a leader and not only that but truly cares about the state of security. It helps make security easier to implement for its current and future customers. They try to integrate nicely and easily with their solutions and they do a good job.

Dec 19, 2016 06:28 PM

Thank you for making this such a simple process. There is a lot going on on the backend but it's a very simple process for the end user and all happens in just a few seconds. Norton has done a really great job with getting their products integrated and I'm excited to see it in action for Symantec/Bluecoat.

Dec 19, 2016 06:02 PM

glad to see that Symantec has added this to their portfolio.

With the ever changing security needs of the internet and intranet, SAML has its limitations.

With riding on top of OAuth2.0, it can integrate many more devices and allow a top notch security model to follow.

It is almso much simpler that OAuth 1.0 but by default it does not require Digital Signatured but can be turned on and should be turned on.


Dec 19, 2016 01:33 PM

Good to see that OpenID is now working with Symantec.

Maybe it will take off and expand and intergrate with other security products and applications.

Has a very good encryption methodology and paired with a token system offers even stronger security.

Q: How can they make it better? 

A: Get Symantec involved

Dec 19, 2016 01:24 PM


Nice to see that Symantec is now a certified OpenID Connect Provider..!!!

The ones I already know of from OpenID Connect providers are -

I see that Symantec / Norton are evolving themselves lately, which is like catching up with the lost time.

Congratulations again...!!!

Dec 19, 2016 10:51 AM

While OpenID is something we have no plans to use in the future, it's good to see this is now supported, which will make things easier if we ever decide to use this platform.

One to keep my eyes on this in the future.

Dec 19, 2016 09:28 AM

Congrats @Symantec!

Glad to hear you guys a now a OpenID Connect provider!  For some reason, I thought you guys were already a provider, but looks like I was wrong...

I'll have to look into using this as a new solution, going forward!


Dec 19, 2016 06:19 AM

This is certainly an interesting development and it'll be interesting to see how many companies move to OpenID as it develops. We're in a position where we don't necessarily have a choice, shifting over is dependent on what the provider builds compatibility for.

Dec 19, 2016 04:32 AM

Good to see that Symantec is now an OpenID Connect Provider. Interesting to read that they are working with a competator in Norton! Hopefully OpenID Connect certification and working with Nortion will help deliver simplicity, performance and resilience.

Related Entries and Links

No Related Resource entered.