"miniOrange provides a ready to use solution of Single Sign-On attained by integration of miniOrange Identity server with Shibboleth. This solution ensures that you have a ready solution of miniOrange platform to set up Shibboleth Single Sign-On, Two-factor authentication and other access management using OAuth".
Many applications need to interact with each other where they act as Service Provider (SP) or Identity Provider (IDP). Federation protocols like LDAP, SAML and so on enable Single Sign-On (SSO) for these apps. Applications support these protocols, but not all of them have support for each one of the protocol. There is a need for a base platform where the user has to save identity credentials and set up Single Sign-On.
Shibboleth is a free and open source Single Sign-On SAML IDP. It supports different protocols (like SAML, LDAP and so on) for secure connection with third-party applications. It allows users to log in using one identity (like user-name) to the number of user applications.
Shibboleth supports SSO via many federation identity authentication protocols but it does not support OAuth 2.0 protocol. miniOrange provides a solution by configuring miniOrange server between your application and Shibboleth which supports OAuth 2.0 and sets up an identity brokering platform.
Brokering Platform allows the user to login using Shibboleth to any web and mobile applications like Moodle, Atlassian, Google and many more. The User can configure Two Factor Authentication, Risk-based access, IP Restriction, Social Login and so on, on the top of Single Sign-On via miniOrange identity server.
Let's take a case of an educational organization. Students access that website from different parts of the world. These organizations offer scholarships to students on basis of performance and students are awarded traveling facility by air. The application, like StudentsUniverse, is used for awarding discounts to students. A student may log in using college account to book tickets. OAuth authentication is used to achieve this and Shibboleth provides identity credentials.
miniOrange Server can be deployed with Shibboleth SAML IDP within minutes.
You can configure sso for any kind of apps whether it supports OAuth2/OpenID Connect/WS-FED or does not support any standard protocols. You can also manage shibboleth users/groups via proper admin interface in miniOrange server.
When a user sso into any app via miniOrange Server, they receive an SSO session for all other apps that rely on miniOrange for login, regardless of protocol. This ensures a seamless SSO experience across SAML and OAuth2/OpenID Connect/ WS-FED applications.
You can add MFA, IP Restriction, Risk Based Access and Social Login on top of Single Sign-On easily.