keycloak-scim/server_admin/topics/overview/how.adoc

13 lines
998 B
Text
Raw Normal View History

2016-05-12 21:48:03 +00:00
=== How Does Security Work?
2017-08-28 12:50:14 +00:00
{project_name} is a separate server that you manage on your network. Applications are configured to point to and
be secured by this server. {project_name} uses open protocol standards like link:http://openid.net/connect[Open ID Connect]
2016-05-12 21:48:03 +00:00
or link:http://saml.xml.org/saml-specifications[SAML 2.0] to secure
2017-08-28 12:50:14 +00:00
your applications. Browser applications redirect a user's browser from the application to the {project_name} authentication
2016-05-12 21:48:03 +00:00
server where they enter their credentials. This is important because users are completely isolated from applications and
applications never see a user's credentials. Applications instead are given an identity token or assertion that is cryptographically
signed. These tokens can have identity information like username, address, email, and other profile data. They can also
hold permission data so that applications can make authorization decisions. These tokens can also be used to make secure
invocations on REST-based services.