IDP Integration Points

From GFIPM Implementation Wiki


Two integration issues must be addressed in order to implement an IDP in a federation:


  • Integrate the IDP with the local site's user authentication system (the single sign-on integration point).
  • Connect the IDP to the local site's attribute repository (the attribute authority integration point).


At the single sign-on integration point, the user authentication system can be a username/password authentication system (though this form of authentication does not provide enough assurance for the use of most federation resources), a token-based authentication system, a PKI-based client certificate authentication system, or another two-factor authentication system. By having chosen Tomcat as the Web servlet container, we automatically gained support for client certificate authentication of browsers with support for certificate revocation lists (CRLs).
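As an added illustration (not taken from the GFIPM wiki or the Tomcat project), the following Tomcat 7-style HTTPS Connector in conf/server.xml enforces browser client certificate authentication with CRL checking, the mode of single sign-on integration the paragraph above describes; the keystore, truststore and CRL file paths and passwords are placeholders to be replaced with the local site's values.

```xml
<!-- conf/server.xml: HTTPS connector for an IDP that authenticates browsers
     with client certificates (assumed Tomcat 7 / 8.0 JSSE attribute names). -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           sslProtocol="TLS"

           <!-- Server certificate presented to browsers (placeholder path). -->
           keystoreFile="${catalina.base}/conf/idp-server.jks"
           keystorePass="CHANGE_ME_KEYSTORE_PASSWORD"

           <!-- clientAuth="true" REQUIRES a certificate; "want" makes it
                optional and "false" (the default) never asks for one, which
                would silently downgrade the IDP to whatever other login the
                site offers. -->
           clientAuth="true"

           <!-- Trust anchors (the CAs permitted to issue user certificates).
                Keep this store separate from the server keystore so that
                adding a trusted issuer never exposes the server's private key. -->
           truststoreFile="${catalina.base}/conf/trusted-user-cas.jks"
           truststorePass="CHANGE_ME_TRUSTSTORE_PASSWORD"

           <!-- Concatenated CRLs for the issuers in the truststore. Without
                crlFile, Tomcat accepts a revoked user certificate as long as
                its chain validates; with it, revoked certificates fail the
                handshake before any application code runs. The file must be
                refreshed as the CAs publish new CRLs. -->
           crlFile="${catalina.base}/conf/trusted-user-cas.crl" />
```

The IDP web application then declares `<auth-method>CLIENT-CERT</auth-method>` in its web.xml so the servlet container hands the authenticated certificate subject to the application rather than prompting for a username and password.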

At the attribute authority integration point, the IDP should be connected to the existing attribute data store, which is your local identity management system (such as an LDAP repository).

