Search Results

Definition Based on SAML version 1 standard. This profile is used when the Service Provider wants to resolve or check a received assertion. Screen overview Standard attributes Class: class name (readOnly field). Enabled: if it is checked (selected opt...

Definition Based on SAML version 1 standard. This profile is used when the SSOProfile does not include attributes statements in the assertion. This profile allows to the applications request user data. When you are configuring the profile, you could define w...

Definition Based on SAML version 1 standard. This profile is used when the Service Provider wants to resolve or check a received assertion. The profile configuration settings are quite similar to those present in SAML2SSOProfile. When you are configuring the...

Definition Based on SAML version 1 standard. This profile is used when the SSOProfile does not include attributes statements in the assertion. This profile allows to the applications request user data. When you are configuring the profile, you could define w...

Definition The Enhanced Client Profile is used when the Service Provider is not a web application. Nowadays, it is rarely used, as most mobile applications have shifted to OAuth or OpenIDConnect. When you are configuring the profile, you could define what da...

Definition This is the most commonly used SAML profile. It allows the IdP to identify users and to give such information to Service Providers. This profile is used to log in. When you are configuring the profile, you could define what data will be encrypted ...

Description A profile is a protocol or subset of protocols implemented by the Identity Provider. There are some accepted protocols, those allows a custom config dependent on the selected profile. The accepted protocols are the following: 1. OpenIDProfile 2...

Introduction Adaptive authentication is designed to improve the security of online accounts by adding an additional layer of protection against unauthorized access. When the authentication is being defined, Soffid allows you to add some adaptive authenticati...

Step-by-step To enable the kerberos authentication method, the identity provider must have a keytab file that enables it to authenticate users. The steps to get it are described below: 1. First of all, you need to create a net user. You can use the old-fashi...

Introduction There are three basic OpenID flows, depending whether the service name must be authenticated using its client secret or not: OpenID flow Implicit flow The Service Provider sends the user to the IdP. The IdP authenticates the user. The ...

Introduction SAML 2.0 is a complex and not easy to implement standard. There are some libraries that can help somewhat, but a correct implementation needs a deep knowledge of SAML protocol, and is always hard to test and debug. To make it easier, Soffid prov...

Introduction OpenID-Connect has a clear design suitable for both frontend and backend. SAML has a clear design for the frontend, but the backend usage is harder as the security in SAML cannot be placed at transport layer. Instead, in must be placed at docume...

Introduction Soffid console has a built-in SAML client, so it can act as a service provider in the Soffid federation. It is interesting to use this configuration, as it allows you to enforce the use of two factors authentication to log into the Soffid console...

Introduction To connect a SAML service provider, the service provider must offer you its SAML metadata. The SAML metadata contains information about its public id, the services that implement and the service endpoints. Register a SAML service provider 1. Op...

Introduction You can use an Identity Provider defined into Soffid to connect to Office 365. You only need to register the Office 365 metadata into a Soffid Service Provider and register the Identity Provider Metadata into your Office 365. At this tutorial So...

Definition This operation allows to validate the user domain and return the IDP ower of the user. URL <console-domain>/webservice/federation/rest/validate-domain Method POST Headers Accept = “application/json” Content-Type = “application/...

Definition This operation allows to validate the credentials of the user against Soffid. URL <console-domain>/webservice/federation/rest/validate-credentials Method POST Headers Accept = “application/json” Content-Type =...

Definition This operation allows to close a session created by either validate-credentials or parse-saml-response. If you want to get real global logout, this method invocation is not enough. You should also use the generate-saml-logout-request method. ...

Definition This operation allows to generate a SAML request to an external IDP. URL <console-domain>/webservice/federation/rest/generate-saml-request Method POST Headers Accept = “application/json” Content-Type = “applic...

Definition This operation allows to validate a SAML response generated by another external IDP that support SAML protocol. URL <console-domain>/webservice/federation/rest/parse-saml-response Method POST Headers Accept = “appl...