Integrating OpenIAM with your IdP

An identity provider (IdP) is a system that creates, stores, and manages digital identities. The IdP can either authenticate the user directly or provide authentication services to third-party service providers (applications, websites, or other digital services).

Another capability offered by most IdPs is single sign-on (SSO), which relieves users of creating and maintaining multiple usernames and passwords. SSO standards such as SAML simplify integration across applications; however, the integrations still vary from one application to another.

Before integrating any SSO application with OpenIAM, make sure SSO is configured.

Configuring SSO

OpenIAM can provide single sign-on (SSO) to your applications. There are two ways to configure it:

  • Federation protocols such as SAML 2, OAuth 2, and OpenID Connect (OIDC).
  • Legacy applications, through the reverse proxy.

The most common SSO configuration in OpenIAM uses federation protocols. The table below summarizes the SAML, OAuth, and OpenID Connect (OIDC) protocols whose configuration is described in the following sections.

SSO Method | Description
SAML 2     | Security Assertion Markup Language 2.0 (SAML) is a version of the SAML standard for exchanging authentication and authorization data between security domains. The section also covers the process of adding a Service Provider to OpenIAM's IdP.
OAuth 2    | OAuth 2.0 is the industry-standard protocol for authorization.
OIDC       | OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.

Integrating OpenIAM with IdP

This guide uses Azure as an example of an IdP integrating with OpenIAM acting as the service provider (SP).

The linked document provides a detailed guide on integrating OpenIAM with Azure SSO.