Identity Provider

Description

An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.

An Identity Provider is responsible for identifying users. Also, it is responsible for giving service providers information regarding the identified user.

Soffid allows you to configure different identity providers, you can choose the best option for you by selecting the IdP type:

To create an identity provider, it is advisable to install a dedicated sync server. It can be configured as a proxy sync server as it does not need direct access to the Soffid database. Instead, it will connect to the main sync server to get users and federation information.

For more information about how to configure a dedicated sync server, you can visit the Install Sync server page.

Standard attributes

The fields for each IdP type are detailed below:

Soffid IdP

Identification
Service Configuration

The Metadata is the information that any application needs to use the IdP. That is an XML file that contains the public encryption keys and the services provided

Leave it blank as Soffid IdP will fulfill it for you.

The metadata will be created when the network data and SAML Security data. Restarting the sync server will be necessary to fill in the Metadata.

Network
💻 Image

image-1709029065265.png

Server certificate management: there are two options for certificate management. You can visit the Server certificate management page for more information.

SAML Security
Session management
Authentication
Advanced Authentication
Profiles

A profile is a protocol or subset of protocols implemented by the Identity Provider. There are some accepted protocols, those allows a custom config dependent on the selected profile.

You can visit the Profiles chapter for more information about each one.

Look and feel

Soffid allows you to personalize your login page by adding some style elements, as well as header and footer elements.


External SAML IdP

Identification
Service Configuration

The Metadata is the information that any application need to use the IdP. That is an XML file that contains the public encryption keys and the services provided

Leave it blank as Soffid IdP will fulfill it for you.

Login Rules

OpenID-Connect

Service Configuration

{
    "authorization_endpoint": "https://server/oauth2/auth",
    "token_endpoint": "https://server/oauth2/token",
    "userinfo_endpoint": "https://server/oauth2/userinfo",
    "scopes_supported": [ "openid","email","profile"]
}

The Metadata is the information that any application need to use the IdP. That is an XML file that contains the public encryption keys and the services provided

Login rules

sn = attributes{"screen_name"};
i = sn.indexOf(" ");
if (i> 0) {
	user.firstName = sn.substring(0, i);
	user.lastName = sn.substring(i+1);
} else {
	user.firstName = "?";
  	user.lastName = sn;
}
return attributes{"name"};

Facebook

Identification
Service Configuration
Login rules

Google

Identification
Service Configuration
Login rules

Linkedin

Identification
Service Configuration
Login rules

(*) What is CAPTCHA --> https://support.google.com/a/answer/1217728?hl=en

(*) https://www.google.com/recaptcha/about/


Revision #66
Created 8 September 2021 09:43:11 by pgarcia@soffid.com
Updated 27 February 2024 10:25:55 by pgarcia@soffid.com