OIDC to SAML Identity Provider (internal or external)

Completing this scenario creates an OpenID Connect Provider that relays the authorization step to a SAML Identity Provider. PhenixID acts as a SAML Service Provider towards the IdP.

Be sure to have configured "Relying party", "Keystore" and "Identity Provider" scenarios prior to executing this scenario.

The "Keystore" scenario can be found under the FEDERATION tab.

The "Identity Provider" scenario can be found under the FEDERATION - SAML metadata upload tab.

Name & Description

Start by giving the scenario a friendly name and description. Then click Next.

Target Idp

Select the target SAML Identity Provider from the list.

Click next to proceed.

OpenID Connect flow type

Select the OpenID Connect flow type for this scenario. Both Authorization code flow and Implicit flow are supported, and the appropriate configuration is generated for the selected flow type.

Click next to proceed.

Tenant

Enter the tenant id to be used with this specific scenario. The tenant is an internally unique identifier for the OpenID Connect Provider you are about to create.

Click next to proceed.

Allowed relying party

Select the previously configured relying party, or multiple if needed.

Click next to proceed.

Authorization endpoint

Enter the OpenID Connect Provider authorization endpoint. This is the endpoint applications will redirect the user agent to when authenticating.

Click next to proceed.

Keystore selection

Select one of the keystores uploaded earlier.

Click next to proceed.

Finalize

Click create and after a couple of seconds the OpenID Connect scenario is ready to handle incoming authentication requests.

Edit configuration

Additional configuration or deletion is done by expanding the heading and clicking the desired name of what needs to be edited.

General

General information about the scenario including a link to the OP discovery information.
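
Once the scenario is created, the discovery document behind that link can be compared with the choices made in the wizard (flow type, authorization endpoint, keystore). The following Python check is an added example, not PhenixID code; the sample document, the host name and the mapping from wizard flow type to `response_type` values are assumptions, while the field names come from the OpenID Connect Discovery specification.

```python
from urllib.parse import urlsplit

# response_type values expected per wizard flow type (values from OpenID
# Connect Core; the mapping to the wizard choice is an assumption).
FLOW_RESPONSE_TYPES = {
    "authorization_code": {"code"},
    "implicit": {"id_token", "id_token token"},
}
# Discovery fields this check relies on.
NEEDED = ("issuer", "authorization_endpoint", "jwks_uri",
          "response_types_supported", "id_token_signing_alg_values_supported")

# Constructed sample document; host, tenant and paths are placeholders.
SAMPLE = {
    "issuer": "https://op.example.test/tenant1",
    "authorization_endpoint": "https://op.example.test/tenant1/authz",
    "jwks_uri": "https://op.example.test/tenant1/jwks",
    "response_types_supported": ["code", "token id_token"],
    "id_token_signing_alg_values_supported": ["RS256"],
}


def check_discovery(doc, flow, expected_authz_endpoint):
    """Return a list of findings; an empty list means the document matches."""
    findings = [f"missing field: {k}" for k in NEEDED if k not in doc]
    if findings:
        return findings
    for key in ("issuer", "authorization_endpoint", "jwks_uri"):
        if urlsplit(doc[key]).scheme != "https":
            findings.append(f"{key} is not https: {doc[key]}")
    if doc["authorization_endpoint"] != expected_authz_endpoint:
        findings.append("authorization_endpoint differs from the configured value")
    # Normalise multi-valued response types so "token id_token" == "id_token token".
    advertised = {" ".join(sorted(rt.split())) for rt in doc["response_types_supported"]}
    allowed = FLOW_RESPONSE_TYPES[flow]
    if not advertised & allowed:
        findings.append(f"no response type for the {flow} flow is advertised")
    for extra in sorted(advertised - allowed):
        findings.append(f"unexpected response type advertised: {extra}")
    if "none" in doc["id_token_signing_alg_values_supported"]:
        findings.append("unsigned ID tokens (alg none) are advertised")
    return findings


if __name__ == "__main__":
    for line in check_discovery(SAMPLE, "authorization_code",
                                "https://op.example.test/tenant1/authz"):
        print(line)
```

In practice the `doc` argument would be the JSON fetched from the discovery link shown in the General section.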

Execution flow

The configured execution flow for this OpenID Connect scenario. Add, edit or delete valves to your specific needs.