Identity provider

An identity provider (abbreviated IdP) is a system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying party applications within a federation or distributed network.^[1]^[2]

An identity provider offers user authentication as a service. Relying party applications, such as web applications, outsource the user authentication step to a trusted identity provider. Such a relying party application is said to be federated, that is, it consumes federated identity.

An identity provider is “a trusted provider that lets you use single sign-on (SSO) to access other websites.”^[3] SSO enhances usability by reducing password fatigue. It also provides better security by decreasing the potential attack surface.

Types of identity providers

SAML identity provider

The Security Assertion Markup Language (SAML) is a set of profiles for exchanging authentication and authorization data across security domains. In the SAML domain model, an identity provider is a special type of authentication authority. Specifically, a SAML identity provider is a system entity that issues authentication assertions in conjunction with an SSO profile of SAML. A relying party that consumes these authentication assertions is called a SAML service provider.

OpenID provider

OpenID Connect (OIDC) is an identity layer on top of OAuth. In the domain model associated with OIDC, an identity provider is a special type of OAuth 2.0 authorization server. Specifically, a system entity called an OpenID Provider issues JSON-formatted identity tokens to OIDC relying parties via a RESTful HTTP API.

Examples of IdPs

Hitachi ID Password Manager: On-Prem and Cloud Based IDP (and SP) for Enterprise. IDP is SAMLv2. SP can also do OAuth. Various authentication options/combinations available.
Ping Identity: On-Prem, Hybrid, and Cloud Based IDP (and SP) for Enterprise, OIDC/SAML/OAuth - Standards based solution.
SecureAuth Identity: On-Prem and Cloud Based IDP (and SP) for Enterprise, Adaptive Authentication
Cierge: Open source, provides email-based OIDC passwordless authentication
Keycloak: Open source, Java-based OIDC/SAML IdP
Auth0: Commercial OIDC IdP
Gluu: Commercial OIDC/SAML IdP
miniOrange: On-Premise and Cloud Based IDP (and SAML SP) for Enterprise, SAML/OAuth
ForgeRock: On-Prem, Hybrid, and Cloud Based IDP, OIDC/SAML/OAuth/UMA, Intelligent Authentication

References

↑ IdP (Identity Provider), mit.edu. Retrieved 25 July 2016.
↑ Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0, 2005, oasis-open.org. Retrieved 25 July 2016.
↑ Identity Providers and Service Providers, salesforce.com. Retrieved 25 July 2016.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] IdP (Identity Provider), mit.edu. Retrieved 25 July 2016.

[2] Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0, 2005, oasis-open.org. Retrieved 25 July 2016.

[3] Identity Providers and Service Providers, salesforce.com. Retrieved 25 July 2016.