OpenIDProfile

Definition

The Identity Provider will serve the OpenID-Connect protocol. It is possible to accept the default endpoints or modify them.

You can check the server features visiting https://<YOUR-IdP>/.well-known/openid-configuration. That JSON gives you information about the oAuth authentication types allowed, the key URL, the soported authentication methods and the info about the endpoints defined.

You can download an example openid-configuration.json

Screen overview

Standard attributes

Class: class name (readOnly field).
Enabled: if it is checked (selected option is Yes) that protocol will be enable.
Discovery endpoint: call this endpoint to request the OpenID-Connect provider metadata.
Authorization endpoint: call this endpoint to request or authorization grant.
Token endpoint: call this endpoint to get the token or to renew the token.
Revoke endpoint: call this endpoint when you finish and do not need more use the token.
User info endpoint: call this endpoint to request user information.

SAML (Security Assertion Markup Language)

SAML architecture

SAML Example

OpenID-Connect

OpenID-Connect architecture

OpenID-Connect example

CAS (Central Authentication Service)

CAS architecture

CAS Example

Radius (Remote Authentication Dial-In User Service)

Radius architecture

Radius Example

TACACS+ (The Terminal Access Controller Access-Control System Plus)

TACACS+ architecture

TACACS+ Example

WS-Fed

WS-Fed Architecture

WS-Fed Example

⏰ Getting started

Attribute definition

Attribute sharing policies

Identity & Service providers

Shared signals & events members

Entity Group

Identity Provider

Service Provider

Virtual Identity Provider

Profiles

OpenIDProfile

SAML1ArtifactResolutionProfile

SAML1AttributeQueryProfile

SAML2ArtifactResolutionProfile

SAML2AttributeQueryProfile

SAML2ECPProfile

SAML2SSOProfile

CAS

Radius

ESSO

How to deploy the identity & service provider

Change Password URL

How to perform unsolicited login

Connecting an OpenID Connect service

Connecting a SAML service

Connecting Soffid console

Connecting your custom applications

Openid-connect to SAML interoperability

Openid-connect Dynamic Register

Connecting CAS client

Connecting Tacacs+

Connecting Radius client

validate-domain

validate-credentials

expire-session

generate-saml-request

parse-saml-response

generate-saml-logout-request

Soffid IdP as an identity broker

External oAuth / OpenID Identity Providers

OpenIDProfile

Definition

Screen overview

Standard attributes