Identity & Service providers
Description
The Soffid Identity Federation addon helps administrators manage an Identity Federation. With Soffid you can manage the whole federation security configuration, increasing security while reducing federation management costs. Soffid can also act as a Service Provider, serving identities to any SAML-capable application server.
The main supported standard is SAML. SAML completely detaches the identification process from web applications, which are known as Service Providers. With SAML, identification is performed by specialized servers known as Identity Providers. Additionally, some other protocols that are less secure but sometimes convenient, such as OAuth (Open Authorization) and OpenID-Connect, are supported. Older protocols like OpenID (not to be confused with OpenID-Connect) are deprecated and no longer supported.
You can visit the Introduction page to find more information about the federation members.
Screen overview
&&TODO&&
Custom attributes
Entity Group
- Entity Group: name of the group.
- Url Metadata: &&TODO&&
- Providers: by default, it creates two groups, an identity provider and a service provider.
Identity Provider
Identification
- IdP type: identifies the identity provider type. Currently there are six types:
- Soffid IdP: identifies the identity provider implemented by Soffid. Soffid IdP implements both OpenID-Connect and SAML.
- External SAML IdP: is used for identity providers not implemented by Soffid. For instance, it could be an ADFS (Active Directory Federation Services) or Shibboleth identity provider.
- OpenID-Connect: is used for third-party identity providers, like ADFS.
- Facebook: if you select that option, OAuth2 will be used to identify Facebook users. You will need to register Soffid as a Facebook application to use it.
- Google: if you select that option, OpenID-Connect will be used to identify Google users. You will need to register Soffid as a Google application to use it.
- Linkedin: if you select that option, OAuth2 will be used to identify Linkedin users. You will need to register Soffid as a Linkedin application to use it.
- publicID: unique name to identify the identity provider.
- Name: user friendly name to identify the identity provider.
- Organization: company name. &&TODO&& what is it used for?
- Contact: email address. &&TODO&& what is it used for?
Service configuration
- Metadata:
Login rules
- User regular expression:
- Login hint script:
- Identity provisioning script:
Profiles
- Profiles:
Virtual Identity Provider
Service Provider
Actions