Integration standards

1. Overview

This document describes the supported conformance profiles for authentication integration that PhenixID Authentication Services support.

If you have any questions, please contact us on [email protected].

2. SAML

The conformance spec for SAML is based on these OASIS standards

Identity Provider (IdP)
Profile Message flows Binding
Web SSO AuthnRequest from SP to IdP
HTTP redirect
Web SSO
AuthnRequest from SP to IdP
HTTP POST
Web SSO
IdP response from IdP to SP
HTTP POST
Identity Provider Discovery
Cookie setter
HTTP
Identity Provider Discovery
Cookie getter
HTTP
Single Logout
LogoutRequest
HTTP redirect
Single Logout
LogoutRequest
HTTP POST
Single Logout
LogoutResponse
HTTP redirect
Single Logout
LogoutResponse
HTTP POST
Metadata Consumption

Metadata Exchange

Service Provider (SP)
Profile
Message flows
Binding
Web SSO
AuthnRequest from SP to IdP
HTTP redirect
Web SSO
AuthnRequest from SP to IdP
HTTP POST
Web SSO
IdP response from IdP to SP
HTTP POST
Identity Provider Discovery
Cookie setter
HTTP
Identity Provider Discovery
Cookie getter
HTTP
Single Logout
LogoutRequest
HTTP redirect
Single Logout
LogoutRequest
HTTP POST
Single Logout
LogoutResponse
HTTP redirect
Single Logout
LogoutResponse
HTTP POST
Metadata
Consumption

Metadata
Exchange

3. OpenID Connect

OpenID Connect Provider (OP)

  • Supports Basic OP Conformance profile, click link (details viewed in chapter 3)
  • Supports Authorization code flow grant, click link
  • Support Implicit flow, click link
  • Supports PKCE (Proof Key for Code Exchange), click linkĀ 
  • Supports Client Initiated Backchannel Authentication (CIBA), click link

OpenID Relying Party (RP)

  • Support Basic RP Conformance profile.
  • Support Authorization code flow grant.

Please contact us for more information, [email protected].

4. oAuth2

oAuth2 Authorization Server (AS)

  • Supports Authorization code flow grant, click link
  • Supports Implicit flow grant, click link
  • Supports PKCE (Proof Key for Code Exchange), click link
  • Supports Client Initiated Backchannel Authentication (CIBA), click link

oAuth2 Relying Party (RP)

  • Support Authorization code flow grant.


Please contact us for more information, [email protected].

5. Radius

  • Supports PAP, click link
  • Supports EAP-TLS, click link
  • Supports RADIUS Access-Challenge
  • Supports Radius Proxy
  • Supports RADIUS attributes and vendor specific attributes