Configuring inbound authentication for a service provider¶
The inbound authenticator component of MWARE IAM identifies and parses all the incoming authentication requests and builds the corresponding response. A given inbound authenticator has two parts:
Authenticator process | Functionality |
---|---|
Request Processor | Accept a request from a service provider, validate the request, build a common object model that is understood by the authentication framework, and hand over the request to it. |
Response Builder | Accept a common object model from the authentication framework and build a response. |
The request processors and the response builders are protocol-aware, while the authentication framework is not coupled to any protocol.
MWARE IAM includes inbound authenticators for SAML 2.0, OpenID Connect, OAuth 2.0, Kerberos KDC, and WS-Federation (passive).
Info
See the Identity Server Architecture for more information on how inbound authentication fits into the overall scheme.
Prerequisites¶
You need to register a service provider on the Management Console.
Removed Feature!
OpenID 2.0 has been removed from the base product in MWARE IAM version 5.3.0 onwards as it is now an obsolete specification and has been superseded by OpenID Connect. Alternatively, we recommend that you use OpenID Connect.
Configure inbound authentication¶
To configure inbound authentication for the registered service provider:
- On the Management Console, go to Main > Identity > Service Providers.
- Click List, select the service provider you want to configure, and click on the corresponding Edit link.
-
Expand the Inbound Authentication Configurations section and expand the section that you wish to configure.
You can configure inbound authentication for the following protocols:
- SAML2 Web SSO Configuration
- OAuth/OpenID Connect Configuration
- OpenID Configuration
- WS-Federation (Passive) Configuration
- Kerberos KDC
Related Topics
See Single Sign-On for details on configuring single sign-on for service provider using inbound authentication. See the following topics for samples of configuring single sign-on: