50406712fd
* keycloak by Keycloak * uri by URI * oAuth by OAuth * saml by SAML * oidc by OIDC * infinispan by Infinispan * uri vs URI
28 lines
1.5 KiB
Text
Executable file
28 lines
1.5 KiB
Text
Executable file
[[_identity_broker]]
|
|
|
|
== Identity Brokering
|
|
|
|
An Identity Broker is an intermediary service that connects multiple service providers with different identity providers.
|
|
As an intermediary service, the identity broker is responsible for creating
|
|
a trust relationship with an external identity provider in order to use its identities to access internal services exposed by service providers.
|
|
|
|
From an user perspective, an identity broker provides an user-centric and centralized way to manage identities across different security
|
|
domains or realms, where an existing account can be linked with one or more identities from different identity providers or even created
|
|
based on the identity information obtained from them.
|
|
|
|
An identity provider is usually based on a specific protocol that is used to authenticate and communicate authentication and authorization information to their users.
|
|
It can be a social provider such as Facebook, Google or Twitter, a business partner which you want to allow its users to access your services or a cloud-based identity
|
|
service that you want to integrate with.
|
|
Usually, identity providers are based on the following protocols:
|
|
|
|
* `SAML v2.0`
|
|
* `OpenID Connect v1.0`
|
|
* `OAuth v2.0`
|
|
|
|
In the next sections we'll see how to configure and use {{book.project.name}} as an identity broker, covering some important aspects such as:
|
|
|
|
* `Social Authentication`
|
|
* `OpenID Connect v1.0 Brokering`
|
|
* `SAML v2.0 Brokering`
|
|
* `Identity Federation`
|
|
|