Identity & Service providers

Description

The Soffid Identity Federation addon helps administrators manage an Identity Federation. With Soffid you can manage the whole federation security configuration, increasing security while reducing federation management costs. Soffid can also act as a Service Provider, serving identities to any SAML-capable application server.

The main supported standard is SAML. SAML makes it possible to completely detach the identification process from web applications, known as Service Providers. With SAML, identification is performed by specialized servers known as Identity Providers. Additionally, some other protocols that are less secure but sometimes convenient, such as OAuth (Open Authorization) and OpenID-Connect, are supported. Older protocols like OpenID (not to be confused with OpenID-Connect) are deprecated and no longer supported.

You can visit the Introduction page to find more information about the federation members.

Screen overview

&&TODO&&

Custom attributes

Entity Group

  • Entity Group: name of the group.
  • Url Metadata: &&TODO&&
  • Providers: by default, it creates two groups, an identity provider and a service provider.

Identity Provider

Identification

  • IdP type: identifies the identity provider type. Currently there are six types:
    • Soffid IdP: identifies the identity provider implemented by Soffid. Soffid IdP implements both OpenID-Connect and SAML.
    • External SAML IdP: is used for identity providers not implemented by Soffid. For instance, it could be an ADFS (Active Directory Federation Services) or Shibboleth identity provider.
    • OpenID-Connect: is used for third-party identity providers, like ADFS.
    • Facebook: if you select that option, OAuth2 will be used to identify Facebook users. You will need to register Soffid as a Facebook application to use it.
    • Google: if you select that option, OpenID-Connect will be used to identify Google users. You will need to register Soffid as a Google application to use it.
    • LinkedIn: if you select that option, OAuth2 will be used to identify LinkedIn users. You will need to register Soffid as a LinkedIn application to use it.
  • publicID: unique name to identify the identity provider.
  • Name: user-friendly name to identify the identity provider.
  • Organization: company name. &&TODO&& what is it used for?
  • Contact: email address &&TODO&& what is it used for?

Service configuration

  • Metadata:

Login rules

  • User regular expression:
  • Login hint script:
  • Identity provisioning script:

Profiles

  • Profiles:

 

Virtual Identity Provider

Service Provider

 

Actions

 

 

 


https://en.wikipedia.org/wiki/Identity_provider