Integration standards
1. Overview
This document describes the supported conformance profiles for authentication integration that PhenixID Authentication Services support.
If you have any questions, please contact us on [email protected].
2. SAML
The conformance spec for SAML is based on these OASIS standards
| Identity Provider (IdP) | ||
|---|---|---|
| Profile | Message flows | Binding |
| Web SSO | AuthnRequest from SP to IdP |
HTTP redirect |
| Web SSO |
AuthnRequest from SP to IdP |
HTTP POST |
| Web SSO |
IdP response from IdP to SP |
HTTP POST |
| Identity Provider Discovery |
Cookie setter |
HTTP |
| Identity Provider Discovery |
Cookie getter |
HTTP |
| Single Logout |
LogoutRequest |
HTTP redirect |
| Single Logout |
LogoutRequest |
HTTP POST |
| Single Logout |
LogoutResponse |
HTTP redirect |
| Single Logout |
LogoutResponse |
HTTP POST |
| Metadata | Consumption |
|
| Metadata | Exchange |
|
| Service Provider (SP) | ||
|---|---|---|
|
Profile |
Message flows |
Binding |
| Web SSO |
AuthnRequest from SP to IdP |
HTTP redirect |
| Web SSO |
AuthnRequest from SP to IdP |
HTTP POST |
| Web SSO |
IdP response from IdP to SP |
HTTP POST |
| Identity Provider Discovery |
Cookie setter |
HTTP |
| Identity Provider Discovery |
Cookie getter |
HTTP |
| Single Logout |
LogoutRequest |
HTTP redirect |
| Single Logout |
LogoutRequest |
HTTP POST |
| Single Logout |
LogoutResponse |
HTTP redirect |
| Single Logout |
LogoutResponse |
HTTP POST |
| Metadata |
Consumption |
|
| Metadata |
Exchange |
|
3. OpenID Connect
OpenID Connect Provider (OP)
- Supports Basic OP Conformance profile, click link (details viewed in chapter 3)
- Supports Authorization code flow grant, click link
- Support Implicit flow, click link
- Supports PKCE (Proof Key for Code Exchange), click link
- Supports Client Initiated Backchannel Authentication (CIBA), click link
OpenID Relying Party (RP)
- Support Basic RP Conformance profile.
- Support Authorization code flow grant.
Please contact us for more information, [email protected].
4. oAuth2
oAuth2 Authorization Server (AS)
- Supports Authorization code flow grant, click link
- Supports Implicit flow grant, click link
- Supports PKCE (Proof Key for Code Exchange), click link
- Supports Client Initiated Backchannel Authentication (CIBA), click link
oAuth2 Relying Party (RP)
- Support Authorization code flow grant.
Please contact us for more information, [email protected].
5. Radius
- Supports PAP, click link
- Supports EAP-TLS, click link
- Supports RADIUS Access-Challenge
- Supports Radius Proxy
- Supports RADIUS attributes and vendor specific attributes