The primary objective of this document is to provide system administrators with instructions on how to set up, configure and manage IDentia Trusted Identity Provider (IdP) service products and components. After reading this guide, you should become familiar with the installation, configuration, and administration processes of IDentia service products. This document deals with configuration and installation of IDentia Trusted IdP using the IDentia installation package.
This guide is written for administrators of IDentia Trusted IdP, with the responsibility of maintaining the IDentia-related services and applications, configuring the IdP service components, and managing users for authentication. At this point, the IDentia products only support Java EE based Web applications.
1.3. IDentia SAML IdP Overview
IDentia is a software product suite that provides a flexible and robust Identity and Access Management (IAM) solution designed for extended enterprises. As a key service component in the IDentia product family, the IDentia Trusted IdP is a SAML 2.0 compliant implementation for federated identity management. It supports various user authentication mechanisms (including username/password, multi-factor and X.509 digital certificate) for multiple service providers with single sign-on (SSO) and single logout (SLO) functions. Combined with standards-compliant service providers (such as the IDentia Trusted RP), the IDentia Trusted IdP enables flexible user authorization supporting both Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). IDentia is designed to run as Identity as a Service (IDaaS) in a cloud environment, providing enterprises with a flexible and cost-effective solution for federated identity management and user attribute exchange across multiple organizations.
The IDentia Trusted IdP is implemented in Java and equipped with a web-based GUI for run-time service administration and dynamic configuration. The key features of the IDentia Trusted IdP include:
- Single Sign-On (SSO) and Single Logout (SLO)
- Dynamic Configuration of Service Providers and their Metadata
- Dynamic Configuration of LDAP Services for Multiple LDAPs
- Automatic Attribute Type Mapping from LDAP to SAML
- Run-time Auditing and Monitoring of Active User Sessions
A sample demo relying party (RP) application and a sample LDAP are bundled with the installation package to help you jumpstart your federated identity implementation. This demo RP can be used as a template for integrating your service applications with the Trusted IdP. For detailed instructions, please refer to the IDentia Trusted IdP Integration Guide.
Other IDentia products include IDentia Discovery Service, Attribute Service and Policy Admin Service. These products can be used in combination to establish a large-scale IAM framework and to streamline and automate the enterprise IAM process. For more detailed product information and support, please visit http://www.identiainc.com or contact firstname.lastname@example.org.
The Security Assertion Markup Language (SAML) is an industry standard for implementing externalized user authentication through an identity provider (IdP). An externalized IdP interacts with one or more Relying Parties (RPs) to perform user authentication in a distributed web environment. When a user requests a resource hosted on an RP, the RP redirects the user to an IdP for authentication. Once the user is authenticated, an authentication token is issued to the RP to inform the RP that the user has been authenticated. Upon verification and validation of the authentication token, the RP grants the user access to resources hosted on the RP.
1.5. Supported Browsers
The following Web browsers have been successfully tested with IDentia:
- Google Chrome v.27+
- Mozilla Firefox v.13+
- Safari v.6.0+
- Internet Explorer v.6.0+