Soffid IdP as an identity broker
&&TODO&&
Introduction
Soffid IdP can act as an identity broker. This means that Soffid IdP can relay on third party identity providers to identify users.
An Identity Broker is often part of a a Single Sign-On Architecture as an an intermediary service that connects multiple Service Providers with different Identity Provider (IDP)s.
Data flow
The following diagram, shows the resulting data flow between the end user, your application, the identity provider and Soffid web services:
Data flow steps
&&TODO&&
1. The end-user requests access to a protected page
2. The custom application can check the user identity looking up a session variable. By the time being, the user is not authenticated.