How to deploy the identity & service provider
Step-by-step
1. To deploy the identity & service provider it is advisable to install a dedicated sync server. It can be configured as a proxy sync server, as it does not need direct access to the Soffid database. Instead, it will connect to the main sync servers to get the users and federation information.
To install a proxy sync server, follow the instructions on the Install Syncserver page.
2. The next step will be to create an Entity Group.
2.1. First of all, open the Identity & Service providers page.
2.2. Then, click the "Add group" button and Soffid will display a new window to fill in the Entity group attributes.
2.3. Once you have filled in the fields, you need to save (disk button) or apply changes (Apply changes button) to save the data.
When the Entity Group is created, it will contain two options: one to create the Identity Providers and another to create the Service Providers.
2.3.1. Clicking on the Identity Providers record displays the identity providers list, from which you can create new identity providers. To create a new Identity Provider, continue with step 3.
2.3.2. Clicking on the Service Providers record displays the service providers list, from which you can create new service providers. To create a new Service Provider, continue with step 4.
3. New Identity Provider:
3.1. To create a new Identity Provider you can click on the "Add identity provider" button on the tree view, or click the add button (+) on the Identity Provider list. Then Soffid will display a new window.
3.2. In the new window you must select the IdP type you want to create and fill in the required fields. The fields to fill in depend on the IdP type. You can visit the Identity Provider page for more detail.
3.2.1. When you are creating a Soffid Identity Provider, it will be necessary to create an agent. In the connector parameters you must define a unique Public ID, which will be used in the Identity Provider configuration. To create an agent you can visit the Agents page.
3.3. Once you have filled in all the data, you need to save (disk button) or apply changes (Apply changes button) to save the data.
4. New Service Provider:
4.1. To create a new Service Provider you can click on the "Add service provider" button on the tree view, or click the add button (+) on the Service Provider list. Then Soffid will display a new window.
4.2. In the new window you must select the Service Provider type you want to create, that is, the protocol or subset of protocols implemented by the Service Provider, and fill in the required fields. The fields to fill in depend on the selected type. You can visit the Profiles chapter for more detail.
You can also visit the Service Provider page for more detail.
4.3. Once you have filled in all the data, you need to save (disk button) or apply changes (Apply changes button) to save the data.
5. Sending identity attributes
When a service provider requires the user information, the mechanism to publish the user attributes is a two-step process:
5.1. The attribute values are computed based on each attribute's value expression.
5.2. The policies are evaluated to determine which attributes and attribute values can be disclosed to the requesting service provider.
This mechanism is triggered when:
The user is authenticated and a SAML assertion with attribute statements is being sent to the service provider (SSO Profile).
The service provider queries the user attributes using the SAML Attribute Query Profile.
The user is authenticated and an OpenID Connect token is generated, as the OpenID Connect token contains all the user attributes.
The service provider queries the user attributes using the OpenID Connect user-info endpoint.
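The two-step attribute release described above (compute values from expressions, then let per-service-provider policies decide what is disclosed) can be modelled in a few lines. The following is an added example written for this page, not Soffid's own code: the attribute names, value expressions, policies, user record, trigger identifiers and service provider URLs are all constructed for illustration, and the policy model (an allow-list per service provider with an optional value filter, deny by default for unknown providers) is an assumption of the example, not a description of Soffid's policy engine.

```python
"""Added example, not Soffid's code: a minimal model of the two-step attribute
release described above. Step 1 computes attribute values from per-attribute
value expressions; step 2 evaluates disclosure policies for the requesting
service provider. Attribute names, expressions, policies, the user record and
the service provider identifiers are all constructed for this illustration."""
from typing import Any, Callable, Dict, List, Optional

# Step 1: value expressions. Soffid evaluates configured expressions; here each
# one is a small callable over the user record (assumption for this example).
ATTRIBUTE_EXPRESSIONS: Dict[str, Callable[[dict], Any]] = {
    "uid": lambda u: u["userName"],
    "mail": lambda u: u["userName"] + "@example.com",
    "displayName": lambda u: f"{u['firstName']} {u['lastName']}",
    "groups": lambda u: sorted(u["groups"]),
    "nationalId": lambda u: u["nationalId"],
}

# Step 2: disclosure policies. Each policy names a service provider and, for every
# attribute it may receive, a value filter (None means "release as computed").
Policy = Dict[str, Any]


def policy(service_provider: str,
           allowed: Dict[str, Optional[Callable[[Any], Any]]]) -> Policy:
    return {"sp": service_provider, "allowed": allowed}


# Constructed service provider identifiers and policies (not real endpoints).
SP_A = "https://sp-a.example.com/saml"
SP_B = "https://sp-b.example.com/oidc"
POLICIES: List[Policy] = [
    # SP A gets uid, mail and only the groups scoped to it; never nationalId.
    policy(SP_A, {"uid": None, "mail": None,
                  "groups": lambda gs: [g for g in gs if g.startswith("sp-a:")]}),
    # SP B gets only what it needs to show a name.
    policy(SP_B, {"uid": None, "displayName": None}),
]

# The four trigger points listed above, as identifiers used by this example.
TRIGGERS = ("saml-sso", "saml-attribute-query", "oidc-token", "oidc-userinfo")


def compute_attributes(user: dict) -> Dict[str, Any]:
    """Step 1: evaluate every value expression against the user record."""
    return {name: expr(user) for name, expr in ATTRIBUTE_EXPRESSIONS.items()}


def apply_policies(attrs: Dict[str, Any], service_provider: str,
                   policies: List[Policy]) -> Dict[str, Any]:
    """Step 2: keep only attributes some policy allows for this service provider,
    after running the policy's value filter. Unknown providers get nothing
    (deny by default), and attributes whose filtered value is empty are omitted."""
    released: Dict[str, Any] = {}
    for pol in policies:
        if pol["sp"] != service_provider:
            continue
        for name, value_filter in pol["allowed"].items():
            if name not in attrs:
                continue
            value = attrs[name] if value_filter is None else value_filter(attrs[name])
            if value is None or value == [] or value == "":
                continue
            released[name] = value
    return released


def release_attributes(user: dict, service_provider: str, trigger: str,
                       policies: List[Policy] = POLICIES) -> Dict[str, Any]:
    """Run both steps for one of the trigger points (SSO assertion, attribute
    query, OIDC token issuance, user-info request). The same release logic
    applies regardless of which protocol flow asked for the attributes."""
    if trigger not in TRIGGERS:
        raise ValueError(f"unknown trigger: {trigger}")
    return apply_policies(compute_attributes(user), service_provider, policies)


# Constructed user record for the demonstration.
USER = {"userName": "jdoe", "firstName": "Jane", "lastName": "Doe",
        "groups": ["sp-a:admins", "hr", "sp-a:users"], "nationalId": "00000000X"}

if __name__ == "__main__":
    for sp, trigger in ((SP_A, "saml-sso"), (SP_B, "oidc-userinfo"),
                        ("https://unknown.example.com", "oidc-token")):
        print(sp, trigger, release_attributes(USER, sp, trigger))
```

The point of keeping the two steps separate is that the same computed attribute set is reused by every trigger (SSO assertion, attribute query, token issuance, user-info call), while the policy step is what decides, per service provider, which of those values leave the identity provider: in the example, SP A never sees the national identifier, SP B sees neither groups nor mail, and a provider with no policy receives nothing at all.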