Providers
Providers can be categorized as either a Service Provider or an Identity Provider.
The Service Provider role is played by a system entity when that entity provides services to principals or to other system entities.
Providers can be internal or external. Internal providers are locally hosted and built on JOSSO to deliver IDAM services, while external ones are remotely hosted (in the Cloud, for instance) and built on third-party solutions. Because internal providers are hosted within the user organization, their setup and lifecycle can be fully managed. With external providers, the user organization can leverage them by establishing Federated SSO connections, but has no right to change their behaviour or to access the details of the underlying identity and access management back-end, because external entities lie outside the boundaries of the user organization or administrative unit.
Identity Providers
An Identity Provider is a type of Service Provider that creates, maintains, and manages identity information for principals, and provides principal authentication to other Service Providers within a federation.
Simply put, an Identity Provider supplies authentication for a user, while a Service Provider relies on an Identity Provider to authorize it and establishes a security context accordingly.
An IdP can be connected with an SP through a Federated Identity connection. This establishes a trust relationship between the IdP and the SP, which implies that the latter is willing to rely on the claims about a principal established by the former. The common trust system for SSO exchanges is based on digital signatures, which ensure message integrity, authentication and non-repudiation.
An IdP can be associated with an Identity Source through an identity lookup connection. This makes the IdP point to a specific identity store for consuming user and entitlement information.
Such information is then used to back authentication processes and to obtain the claim entries that populate security tokens.
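The trust relationship and claim flow described above, as an added example that is not JOSSO's own code: a minimal IdP authenticates a principal against an in-memory identity source (constructed data), populates the token's claims from that source and signs the token with Ed25519; an SP establishes a security context only for tokens whose issuer is one of the IdPs it federates with and whose signature verifies. The names NewIdP, Authenticate and EstablishContext are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
)

// Claims: what the IdP asserts; Token: the signed assertion; Account: one identity-source entry.
type Claims struct{ Issuer, Subject string; Roles []string }
type Token struct{ Payload, Sig []byte }
type Account struct{ Password string; Roles []string }

// IdP backs authentication with its identity source (the identity lookup connection) and signs tokens.
type IdP struct{ Name string; key ed25519.PrivateKey; Source map[string]Account }

// NewIdP creates the signing key; the public half is what an SP receives when federating (source is constructed data).
func NewIdP(name string, src map[string]Account) (*IdP, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // errors only if rand.Reader fails
	return &IdP{Name: name, key: priv, Source: src}, pub
}

// Authenticate checks the credentials against the source and fills the claim entries from it.
func (p *IdP) Authenticate(user, pw string) (*Token, error) {
	acct, ok := p.Source[user]
	if !ok || acct.Password != pw {
		return nil, errors.New("authentication failed")
	}
	payload, _ := json.Marshal(Claims{Issuer: p.Name, Subject: user, Roles: acct.Roles})
	return &Token{Payload: payload, Sig: ed25519.Sign(p.key, payload)}, nil
}

// SP maps federated IdP names to their public keys; that mapping is the trust relationship.
type SP struct{ Trusted map[string]ed25519.PublicKey }

// EstablishContext accepts a token only from a trusted issuer with a valid signature; the claims form the context.
func (s *SP) EstablishContext(t *Token) (*Claims, error) {
	var c Claims
	if err := json.Unmarshal(t.Payload, &c); err != nil {
		return nil, err
	}
	pub, ok := s.Trusted[c.Issuer] // unknown issuer: no key, no trust
	if !ok || !ed25519.Verify(pub, t.Payload, t.Sig) {
		return nil, errors.New("untrusted issuer or invalid signature")
	}
	return &c, nil
}
```

A tampered payload or a token from an IdP the SP does not federate with fails EstablishContext, which is exactly the integrity and authentication guarantee the signature-based trust provides.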
You can configure external identity providers such as Google, Facebook, Azure or any service supporting SAML 2 or OpenID Connect. If you want JOSSO to act as an IdP, define an iamtf_idp resource. You can also proxy external providers (both IdPs and SPs) using an iamtf_vp resource.
Service Providers
An SP, as mentioned earlier, can be connected with one or more IdPs through a Federated Identity Connection, meaning that the SP relies upon the claims presented by the trusted IdP.
In addition to where providers are hosted (internally or externally), a provider must also specify which protocol will be used to service requests from consumers. JOSSO can handle multiple protocols, such as OpenID Connect, SAML 2 and JOSSO (a custom protocol for non-SSO application integration).