Advanced Search
Search Results
234 total results found
Recertification Examples
Recertification Examples
Permissons request steps
Define the Permissons request steps
CAS
Radius
Delegation roles steps
Define the Delegation roles steps
SCIM for Federation
SCIM for Service Providers
TACACS+
Tacacs+
WS-Fed
WS-Federation
Step 1.- How to install Soffid Break glass?
Previous steps
Please note that the SCIM REST Web Service Add-on installed must be installed, please check this part in How to use SCIM in Soffid # Installation Please note that a user with the authentication is required, please check this part in How to use SCIM in Soffid ...
Entity Group
Description An entity group is just like a folder that allows you to manage different kinds of federation members. One of the most common ways to group federation members is by trust level. When you create an entity group, the Identity Providers and the Serv...
Virtual Identity Provider
Definition A single identity provider usually offers different profiles or service levels to diffeferent service provider. To be able to define this behavior, any Identity Provider can be split into many virtual identity providers. Those identity providers wi...
SAML (Security Assertion Markup Language)
Introduction Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. It is an identity federation protocol, born in 2...
OpenID-Connect
Introduction OpenID is an open standard and decentralized authentication protocol. It allows users to be authenticated by cooperating sites (known as relying parties, or RP) using a third-party service, eliminating the need for webmasters to provide their ...
⏰ Getting started
Introduction To configure the Web SSO you must complete the next steps 1. Attribute definition: add the necessary attributes if they are not in the list. 2. Attribute sharing policies: define the proper attribute sharing policies to determine which attrib...
Identity & Service providers
Description Soffid Identity Federation addon helps administrators to manage an Identity Federation. With Soffid you can manage the whole federation security configuration, increasing the security while reducing the federation management costs. Soffid can also...
OpenIDProfile
Definition The Identity Provider will serve the OpenID-Connect protocol. It is possible to accept the default endpoints or modify them. You can check the server features visiting https://<YOUR-IdP>/.well-known/openid-configuration. That JSON gives you inform...
SAML1ArtifactResolutionProfile
Definition Based on SAML version 1 standard. This profile is used when the Service Provider wants to resolve or check a received assertion. Screen overview Standard attributes Class: class name (readOnly field). Enabled: if it is checked (selected opt...
Openid-connect to SAML interoperability
Introduction OpenID-Connect has a clear design suitable for both frontend and backend. SAML has a clear design for the frontend, but the backend usage is harder as the security in SAML cannot be placed at transport layer. Instead, in must be placed at docume...
validate-domain
Definition This operation allows to validate the user domain and return the IDP ower of the user. URL <console-domain>/webservice/federation/rest/validate-domain Method POST Headers Accept = “application/json” Content-Type = “application/...
validate-credentials
Definition This operation allows to validate the credentials of the user against Soffid. URL <console-domain>/webservice/federation/rest/validate-credentials Method POST Headers Accept = “application/json” Content-Type =...
expire-session
Definition This operation allows to close a session created by either validate-credentials or parse-saml-response. If you want to get real global logout, this method invocation is not enough. You should also use the generate-saml-logout-request method. ...
generate-saml-request
Definition This operation allows to generate a SAML request to an external IDP. URL <console-domain>/webservice/federation/rest/generate-saml-request Method POST Headers Accept = “application/json” Content-Type = “applic...
parse-saml-response
Definition This operation allows to validate a SAML response generated by another external IDP that support SAML protocol. URL <console-domain>/webservice/federation/rest/parse-saml-response Method POST Headers Accept = “appl...
generate-saml-logout-request
Definition This operation allows to generate a SAML logout request to be sent to a IdP supporting SAML Global Logout, including Soffid IdP. URL <console-domain>/webservice/federation/rest/generate-saml-logout-request Method ...
Server certificate management
There are two options for certificate management 1. The easiest, fast and cheap one: Do not create any public or private key, nor enter any certificate chain. At first start up, Soffid Identity Provider will generate a new public/private key pair. Using thi...
Soffid IdP as an identity broker
Introduction An Identity Broker is often part of a a Single Sign-On Architecture as an an intermediary service that connects multiple Service Providers with different Identity Provider (IDP)s. Soffid IdP can act as an identity broker. This means that So...
External oAuth / OpenID Identity Providers
Introduction Soffid federation can be composed by a mix of SAML and oAuth / OpenID-connect servers. In such a scenario, Soffid IdP is able to let users be identified by oAuth servers like Linked-in, Google or Facebook, perform all the provision tasks requir...
VaultFolder resource
/VaultFolder Dictionary table The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/VaultFolder.html Query Schema It is allowed to consult all the VaultFolder definitions using the Schema query: Re...