2016-05-12 21:48:03 +00:00
|
|
|
|
2021-03-18 21:01:43 +00:00
|
|
|
=== Basic {project_name} operations
|
2016-05-12 21:48:03 +00:00
|
|
|
|
2017-08-28 12:50:14 +00:00
|
|
|
{project_name} is a separate server that you manage on your network. Applications are configured to point to and
|
2018-09-05 22:10:36 +00:00
|
|
|
be secured by this server. {project_name} uses open protocol standards like link:https://openid.net/connect/[OpenID Connect]
|
2016-05-12 21:48:03 +00:00
|
|
|
or link:http://saml.xml.org/saml-specifications[SAML 2.0] to secure
|
2017-08-28 12:50:14 +00:00
|
|
|
your applications. Browser applications redirect a user's browser from the application to the {project_name} authentication
|
2021-03-18 21:01:43 +00:00
|
|
|
server where they enter their credentials. This redirection is important because users are completely isolated from applications and
|
2016-05-12 21:48:03 +00:00
|
|
|
applications never see a user's credentials. Applications instead are given an identity token or assertion that is cryptographically
|
|
|
|
|
signed. These tokens can have identity information like username, address, email, and other profile data. They can also
|
|
|
|
|
hold permission data so that applications can make authorization decisions. These tokens can also be used to make secure
|
|
|
|
|
invocations on REST-based services.
|
