Profiles

Description

A profile is a protocol, or a subset of protocols, implemented by the Identity Provider. Each accepted protocol allows a custom configuration that depends on the selected profile.

The accepted protocols are the following:

1. OpenIDProfile

2. SAML1ArtifactResolutionProfile

3. SAML1AttributeQueryProfile

4. SAML2ArtifactResolutionProfile

5. SAML2AttributeQueryProfile

6. SAML2ECPProfile

7. SAML2SSOProfile

8. CAS

9. Radius

10. Tacacs+

11. Ws-Federation

12. Shared signals & events

13. Esso

Screen overview


When an identity provider is created, all the profiles appear disabled by default (a disabled profile is displayed with strikethrough). You must configure them one by one, depending on your company's needs. To configure a profile, click on it, and Soffid will display a new window for its configuration.

Actions

Open profile

If you click on a row of the profile list, Soffid will display a modal window with the data and configuration of the profile selected.


OpenIDProfile

Definition

The Identity Provider will serve the OpenID-Connect protocol. It is possible to accept the default endpoints or modify them.

You can check the server features by visiting https://<YOUR-IdP>/.well-known/openid-configuration. That JSON document describes the allowed OAuth authentication types, the key URL, the supported authentication methods, and the defined endpoints.

You can download an example openid-configuration.json
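
As an added example (not Soffid code), the following Python script reviews a discovery document of this kind for settings that deserve a second look before the profile is enabled. The sample document, the host idp.example.org and the function name review_discovery are constructed for illustration; the field names are those defined by OpenID Connect Discovery 1.0.

```python
import json
from urllib.parse import urlsplit

# Constructed sample discovery document (not Soffid output); idp.example.org is a placeholder.
SAMPLE = json.loads("""{
  "issuer": "https://idp.example.org",
  "authorization_endpoint": "https://idp.example.org/authorization",
  "token_endpoint": "http://idp.example.org/token",
  "userinfo_endpoint": "https://idp.example.org/userinfo",
  "jwks_uri": "https://idp.example.org/.well-known/jwks.json",
  "response_types_supported": ["code", "token", "id_token"],
  "grant_types_supported": ["authorization_code", "implicit", "password"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "none"],
  "id_token_signing_alg_values_supported": ["RS256", "none"]
}""")

# Fields this review relies on (a subset of the discovery metadata).
EXPECTED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "id_token_signing_alg_values_supported")

def review_discovery(doc, expected_issuer):
    """Return a list of findings for an OpenID Connect discovery document."""
    findings = []
    for key in EXPECTED:
        if key not in doc:
            findings.append(f"missing required field: {key}")
    # The issuer must be exactly the base URL the document was fetched under.
    if doc.get("issuer") != expected_issuer:
        findings.append(f"issuer mismatch: {doc.get('issuer')!r}")
    # Every advertised endpoint and the key URL must use TLS.
    for key, value in doc.items():
        if (key.endswith("_endpoint") or key == "jwks_uri") and isinstance(value, str):
            if urlsplit(value).scheme != "https":
                findings.append(f"{key} is not https: {value}")
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        findings.append("unsigned ID tokens (alg none) advertised")
    for grant in ("implicit", "password"):
        if grant in doc.get("grant_types_supported", []):
            findings.append(f"legacy grant type enabled: {grant}")
    if "none" in doc.get("token_endpoint_auth_methods_supported", []):
        findings.append("token endpoint accepts unauthenticated (public) clients")
    return findings

if __name__ == "__main__":
    for finding in review_discovery(SAMPLE, "https://idp.example.org"):
        print("-", finding)
```

To review a live IdP, save the JSON served at the well-known URL to a file and pass the parsed document together with the IdP base URL as expected_issuer.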

Screen overview

Standard attributes


SAML1ArtifactResolutionProfile

Definition

Based on SAML version 1 standard. This profile is used when the Service Provider wants to resolve or check a received assertion.

Screen overview


Standard attributes



SAML1AttributeQueryProfile

Definition

Based on the SAML version 1 standard. This profile is used when the SSOProfile does not include attribute statements in the assertion. This profile allows applications to request user data.

When configuring the profile, you can define which data will be encrypted and signed.

Screen overview


Standard attributes

Assertion Lifetime examples:


https://en.wikipedia.org/wiki/ISO_8601 

http://saml.xml.org/saml-specifications

SAML2ArtifactResolutionProfile

Definition

Based on SAML version 1 standard. This profile is used when the Service Provider wants to resolve or check a received assertion. The profile configuration settings are quite similar to those present in SAML2SSOProfile.

When configuring the profile, you can define which data will be encrypted and signed.

Screen overview


Standard attributes


SAML2AttributeQueryProfile

Definition

Based on the SAML version 1 standard. This profile is used when the SSOProfile does not include attribute statements in the assertion. This profile allows applications to request user data.

When configuring the profile, you can define which data will be encrypted and signed.

Screen overview


Standard attributes


SAML2ECPProfile

Definition

The Enhanced Client Profile is used when the Service Provider is not a web application. Nowadays, it is rarely used, as most mobile applications have shifted to OAuth or OpenIDConnect.

When configuring the profile, you can define which data will be encrypted and signed.

Screen overview


Standard attributes


SAML2SSOProfile

Definition

This is the most commonly used SAML profile. It allows the IdP to identify users and to give such information to Service Providers. This profile is used to log in.

When configuring the profile, you can define which data will be encrypted and signed.

Screen overview


Standard attributes


CAS

Definition

The CAS protocol is rarely used.

Screen overview


Standard attributes

ESSO

Definition

Here is an explanation about how to configure the ESSO profile by using Soffid as Identity Provider.

Please note that the profile parameters will be automatically updated on the PCs.

Screen overview


Standard attributes

Configuration

Once you have configured the Esso profile you must add an Adaptive authentication rule.

For more information, visit the Condition for Adaptive authentication page.


Radius

Definition

Networking protocol that authorizes and authenticates users who access a remote network.

Screen overview


Standard attributes