13 lines
1,019 B
Text
13 lines
1,019 B
Text
|
|
||
|
|
=== How Does Security Work?
|
||
|
|
|
||
|
|
{{book.project.name}} is a separate server that you manage on your network. Applications are configured to point to and
|
||
|
|
be secured by this server. {{book.project.name}} uses open protocol standards like link:http://openid.net/connect[Open ID Connect]
|
||
|
|
or link:http://saml.xml.org/saml-specifications[SAML 2.0] to secure
|
||
|
|
your applications. Browser applications redirect a user's browser from the application to the {{book.project.name}} authentication
|
||
|
|
server where they enter their credentials. This is important because users are completely isolated from applications and
|
||
|
|
applications never see a user's credentials. Applications instead are given an identity token or assertion that is cryptographically
|
||
|
|
signed. These tokens can have identity information like username, address, email, and other profile data. They can also
|
||
|
|
hold permission data so that applications can make authorization decisions. These tokens can also be used to make secure
|
||
|
|
invocations on REST-based services.
|