miniOrange Identity Broker
Perform SSO between an IdP and an SP that support different protocols with the miniOrange Identity Broker.
No need to understand complex SSO Protocols
Easy to perform SSO with any Identity provider
Provides stable, fast and secure 24/7 access to your online service
An identity broker provides an intermediate service to perform single sign-on (SSO) between an identity provider and a service provider. Identity brokering is a way to create a link between providers that follow different protocols. Not every user knows how protocols like SAML, OpenID, OAuth or CAS work and where they can be used; implementing such protocols yourself is complicated, expensive and time consuming.
miniOrange Identity Broker can integrate any type of app following any standard protocol like SAML, OpenID, OAuth or CAS. The Identity Broker service hides all the complexity of these protocols; the only thing you need to know is how to call an HTTPS endpoint, which is much simpler than understanding all these different standards. miniOrange Identity Broker connects all well-known SPs and IdPs such as ADFS, Okta, Salesforce, SimpleSAMLphp, Shibboleth, Ping, RSA, Centrify, OneLogin, miniOrange or any other SSO identity.
Supports cross protocol
It supports cross-protocol SSO, i.e. you can configure any Service Provider following one protocol with an Identity Provider following a different protocol.
No need to understand or implement complex SSO protocols like SAML, OpenID, OpenID Connect, WS-Fed, OAuth, or any other. Instead, you can just call the HTTPS endpoints.
Configure any IDP
You can configure any IdP of your choice, including Okta, Ping, RSA, Centrify, Google, Facebook, LinkedIn and even a customized one.
How does miniOrange act as an Identity Broker?
Here we'll see how miniOrange provides its broker services. Earlier we saw how an identity broker works and provides a platform where we can configure Service Providers and Identity Providers following different protocols.
To better understand how the Identity Broker works, we'll consider a few examples.
Authenticate mobile application through ADFS using JWT Tokens
For this we'll take ADFS as our Identity Provider, which supports the SAML protocol, and an external mobile application built with Cordova. We'll authenticate the mobile application through ADFS using JWT tokens. miniOrange provides a solution that allows you to log in to your mobile application with ADFS.
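The broker step in this scenario, turning a completed ADFS login into a token the mobile app can carry to its backend, can be illustrated with a minimal JWT issuer and verifier. The Python below is an added example, not miniOrange code. It assumes a shared HMAC secret between the broker and the mobile backend, an issuer URL `https://broker.example.com` and an audience `cordova-mobile-app`, all constructed for the example; because it uses only the standard library it shows HS256 rather than an asymmetric algorithm such as RS256. The verifier pins the algorithm, checks the signature before reading any claim, and enforces issuer, audience and the validity window.

```python
import base64
import hashlib
import hmac
import json


class JwtError(Exception):
    """Raised when a token fails any verification step; the backend must reject it."""


def b64url_encode(data: bytes) -> str:
    # JWT uses unpadded base64url (RFC 7515, section 2)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims: dict, key: bytes, *, issuer: str, audience: str,
             lifetime: int, now: int) -> str:
    """Broker side: issue a short-lived HS256 JWT carrying the IdP-derived claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iss=issuer, aud=audience, iat=now, exp=now + lifetime)
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_jwt(token: str, key: bytes, *, issuer: str, audience: str,
               now: int, skew: int = 60) -> dict:
    """Mobile backend side: return the claims only if every check passes."""
    parts = token.split(".")
    if len(parts) != 3:
        raise JwtError("malformed token")
    header_b64, payload_b64, signature_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(signature_b64)
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    except ValueError as exc:  # covers binascii.Error, JSON and unicode errors
        raise JwtError(f"malformed token: {exc}")
    # Pin the algorithm to the one the broker issues. This rejects alg=none and
    # any attempt to make the verifier switch to a different algorithm.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise JwtError("unexpected alg")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    # Constant-time comparison, and the signature is checked before any claim is trusted
    if not hmac.compare_digest(expected, signature):
        raise JwtError("bad signature")
    try:
        payload = json.loads(b64url_decode(payload_b64))
    except ValueError as exc:
        raise JwtError(f"malformed payload: {exc}")
    if not isinstance(payload, dict):
        raise JwtError("payload is not a JSON object")
    if payload.get("iss") != issuer:
        raise JwtError("wrong issuer")
    aud = payload.get("aud")
    if not (aud == audience or (isinstance(aud, list) and audience in aud)):
        raise JwtError("wrong audience")
    if "exp" not in payload or now >= payload["exp"] + skew:
        raise JwtError("expired")
    if "nbf" in payload and now + skew < payload["nbf"]:
        raise JwtError("not yet valid")
    return payload


if __name__ == "__main__":
    # Constructed demo values; the secret would come from the broker's key store
    key = b"constructed-shared-secret-not-for-production"
    token = mint_jwt({"sub": "alice@example.com", "groups": ["staff"]}, key,
                     issuer="https://broker.example.com", audience="cordova-mobile-app",
                     lifetime=300, now=1700000000)
    print(verify_jwt(token, key, issuer="https://broker.example.com",
                     audience="cordova-mobile-app", now=1700000100))
```

The claims placed in the token (here `sub` and `groups`) are whatever the broker extracted from the ADFS assertion; keeping the lifetime short limits the damage if a device leaks the token, since the mobile app can re-authenticate through the broker.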
Configure any OAuth Provider with applications supporting different protocols
You can configure any OAuth provider like Salesforce, Slack or Meetup to single sign-on into apps that support other protocols like SAML, OpenID Connect, JWT, etc. using our Identity Broker service.
Setup Active Directory as User Store and configure any application
You can configure any Identity Provider like AD or OpenDS, which support LDAP, to single sign-on into applications that don't support any protocol, or that support protocols like OAuth, OpenID Connect, JWT, etc.
Security Assertion Markup Language (SAML) is an XML standard that allows secure web domains to exchange identity information. SAML is a framework for exchanging user authentication and authorization data. Using SAML, a service provider can contact a separate identity provider to authenticate users who are trying to access secure content.
The SAML specification defines three roles:
- The principal (typically a user).
- The Identity Provider creates, maintains and manages identity information and provides authentication to service providers. It issues the authentication assertion in SAML SSO. The identity provider can also function as an attribute authority by including an attribute assertion in the response.
- The Service Provider acts as the relying party in SAML SSO: it receives and accepts the authentication and authorization assertion from the identity provider. The Service Provider provides services to principals or other system entities.
How does SAML Single Sign-On (SSO) work?
The most common use case addressed by SAML is web browser SSO. SAML SSO works by transferring a user's identity from one place (the identity provider) to another (the service provider) by exchanging digitally signed XML documents. Let's assume the user is logged in to the SSO environment, which acts as the identity provider, and wants to log in to a remote application (the service provider).
- The user loads the application by clicking a link to it or similar.
- The application identifies the user's origin (by application subdomain or user IP address) and sends an authentication request by redirecting the user to the identity provider for authentication.
- The user either already has a session with the identity provider or logs in to the identity provider.
- The identity provider posts an authentication response to the service provider (application): a base64-encoded XML document containing the user's attributes, signed with the identity provider's X.509 certificate.
- The service provider (which already knows the identity provider) retrieves the authentication response and validates the signature using the identity provider's certificate.
- The user's session with the service provider is established.
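Validating the response in the fifth step involves more than checking the XML signature. The Python below is an added example, not the page's or miniOrange's code. It assumes the XML-DSig signature over the assertion has already been verified with a suitable library (the standard library has no XML signature support, so that step is not reimplemented here) and shows the checks a service provider must perform afterwards: success status, InResponseTo bound to the request it sent, issuer, validity window with clock skew, audience restriction, and NameID/attribute extraction. The sample response, entity IDs and timestamps are constructed for the example, and the sample omits the ds:Signature element a real ADFS response carries.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


class SamlValidationError(Exception):
    """Raised when the response fails a check; the SP must then refuse the login."""


def _parse_saml_time(value: str) -> datetime:
    # SAML dateTime values are UTC, e.g. 2024-05-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _fmt(dt: datetime) -> str:
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def validate_saml_response(response_b64: str, *, expected_issuer: str, sp_entity_id: str,
                           request_id: str, now: datetime,
                           skew: timedelta = timedelta(minutes=3)) -> dict:
    """Checks that must follow a successful XML-DSig verification of the assertion."""
    try:
        root = ET.fromstring(base64.b64decode(response_b64))
    except (ValueError, ET.ParseError) as exc:
        raise SamlValidationError(f"unparseable response: {exc}")
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise SamlValidationError("not a samlp:Response")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != STATUS_SUCCESS:
        raise SamlValidationError("IdP did not report success")
    # Bind the response to a request this SP actually sent (replay defence)
    if root.get("InResponseTo") != request_id:
        raise SamlValidationError("InResponseTo does not match an outstanding request")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise SamlValidationError("expected exactly one plaintext assertion")
    assertion = assertions[0]
    if assertion.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise SamlValidationError("assertion issued by an unexpected IdP")
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        raise SamlValidationError("assertion has no Conditions")
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now + skew < _parse_saml_time(not_before):
        raise SamlValidationError("assertion not yet valid")
    if not_on_or_after and now - skew >= _parse_saml_time(not_on_or_after):
        raise SamlValidationError("assertion expired")
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise SamlValidationError("assertion was not issued for this SP")
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise SamlValidationError("assertion has no NameID")
    attributes = {
        attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
        for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)
    }
    return {"name_id": name_id, "attributes": attributes}


def build_sample_response(*, issuer: str, audience: str, in_response_to: str,
                          not_before: datetime, not_on_or_after: datetime) -> str:
    """Constructed sample for testing; a real ADFS response also carries a ds:Signature."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_resp1" Version="2.0" IssueInstant="{_fmt(not_before)}" InResponseTo="{in_response_to}">
  <saml:Issuer>{issuer}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{STATUS_SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="{_fmt(not_before)}">
    <saml:Issuer>{issuer}</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="{_fmt(not_before)}" NotOnOrAfter="{_fmt(not_on_or_after)}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>staff</saml:AttributeValue>
        <saml:AttributeValue>vpn-users</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")
```

In production the SP should parse the untrusted XML with a hardened parser (for example defusedxml), and must also handle an EncryptedAssertion by decrypting it before these checks; the constructed sample keeps the assertion in plaintext so the validation path is visible.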
Why use SAML SSO?
The benefits of using SSO with SAML are:
- Reduced password loss:
SAML SSO eliminates password issues such as reset and recovery, which reduces the time spent recovering old passwords.
- Reduced costs for the service provider:
With SAML you don't have to maintain an account for multiple services; the identity provider carries this burden.
- User experience:
Without re-authenticating, a user can access multiple service providers by signing in just once, which gives a faster and better experience at each service provider.
- Interoperability:
SAML is a standard format that allows interoperation with any system, independent of implementation. It takes away the common issues associated with vendor- and platform-specific approaches.
- Loose coupling of directories:
SAML does not require maintaining and synchronizing user information between directories.