IDP Integration Points

From GFIPM Implementation Wiki
Revision as of 18:32, 1 March 2011 by Lee.Dellenbaugh (Talk | contribs)



Implementing an IDP in a federation requires that two integration issues be addressed. The first is integrating the IDP with the local site's user authentication system (the single sign-on integration point); the second is connecting the IDP to the local site's attribute repository (the attribute authority integration point).

At the single sign-on integration point, the user authentication system can be a username/password system (though this form of authentication does not provide enough assurance for access to most federation resources), a token-based system, a PKI-based client certificate system, or another two-factor system. Because Tomcat was chosen as the Web servlet container, client certificate authentication of browsers, including checking of certificate revocation lists (CRLs), comes with the container and requires no additional code.
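The Tomcat side of that client certificate integration point is a connector definition in server.xml. The following is an added example, not configuration from the original page or from any GFIPM reference implementation; the port, the keystore and truststore paths and passwords, and the CRL file path are placeholders, and the attribute names are those of the Tomcat 6/7 JSSE connector.

```xml
<!-- Added example: HTTPS connector with mandatory client certificate authentication.
     Paths and passwords are placeholders; replace them for your site. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" maxThreads="150"
           sslProtocol="TLS"
           clientAuth="true"
           keystoreFile="conf/idp-server.jks" keystorePass="changeit"
           truststoreFile="conf/federation-client-cas.jks" truststorePass="changeit"
           crlFile="conf/federation-client-cas.crl" />
```

Two points matter for the assurance this connector provides. First, every CA in the truststore is trusted to issue accepted client certificates, so the truststore should contain only the CAs whose client certificates the federation accepts, never the JRE's default cacerts file. Second, with crlFile set Tomcat enables revocation checking against that file when the connector starts; if the file is updated, the connector must be restarted for the new CRL to take effect, so the CRL refresh should be tied to a scheduled restart or reload. Setting clientAuth="true" demands a certificate on every request to this connector; clientAuth="want" requests one but lets the application (for example a CLIENT-CERT auth-method in web.xml) decide what to do without it.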

At the attribute authority integration point, the IDP should be connected to the existing attribute data store, which is the local identity management system (such as an LDAP directory), so that the attributes asserted to the federation are drawn from the authoritative local source rather than copied into the IDP.
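What this integration point looks like depends on the IDP product. The following is an added example, not configuration from the original page, and it assumes a Shibboleth 2.x IDP, which the page does not name; the hostname, base DN, bind account and credential, and the attribute it resolves are placeholders. It defines one LDAP data connector that looks up the authenticated principal and one attribute definition that publishes the directory's mail attribute to the federation.

```xml
<!-- Added example for a Shibboleth 2.x attribute-resolver.xml; hostnames, DNs and
     credentials are placeholders. Namespace declarations are the standard ones for
     that file's root element and are shown here so the fragment is complete. -->
<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
    xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
    xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <!-- Data connector: search the local directory for the authenticated user.
         useStartTLS keeps the bind credential and returned attributes off the wire
         in the clear. The bind account needs read access only. -->
    <resolver:DataConnector id="localLDAP" xsi:type="dc:LDAPDirectory"
        ldapURL="ldap://ldap.example.org"
        baseDN="ou=people,dc=example,dc=org"
        principal="uid=idp-reader,ou=system,dc=example,dc=org"
        principalCredential="placeholder-password"
        useStartTLS="true">
        <dc:FilterTemplate>
            <![CDATA[
                (uid=$requestContext.principalName)
            ]]>
        </dc:FilterTemplate>
        <dc:ReturnAttributes>mail sn givenName</dc:ReturnAttributes>
    </resolver:DataConnector>

    <!-- Attribute definition: expose the directory's mail attribute under the
         SAML 2 name the federation expects. -->
    <resolver:AttributeDefinition id="email" xsi:type="ad:Simple"
        sourceAttributeID="mail">
        <resolver:Dependency ref="localLDAP" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String"
            name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" />
    </resolver:AttributeDefinition>

</resolver:AttributeResolver>
```

The filter uses the principal name established at the single sign-on integration point, so the two integration points meet here: whatever identifier the authentication system yields (a username, or a value extracted from a client certificate) must be the same key the directory search uses. Restricting ReturnAttributes to the attributes actually resolved limits what the bind account pulls from the directory, and the bind account itself should be a read-only service account rather than an administrative one.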

