Integration standards

Overview

This document describes the conformance profiles for authentication integration that PhenixID Authentication Services supports.

If you have any questions, please contact us at support@phenixid.se.

SAML

The conformance specification for SAML is based on these OASIS standards.

Identity Provider (IdP)

| Profile | Message flows | Binding |
|---|---|---|
| Web SSO | AuthnRequest from SP to IdP | HTTP redirect |
| Web SSO | AuthnRequest from SP to IdP | HTTP POST |
| Web SSO | IdP response from IdP to SP | HTTP POST |
| Identity Provider Discovery | Cookie setter | HTTP |
| Identity Provider Discovery | Cookie getter | HTTP |
| Single Logout | LogoutRequest | HTTP redirect |
| Single Logout | LogoutRequest | HTTP POST |
| Single Logout | LogoutResponse | HTTP redirect |
| Single Logout | LogoutResponse | HTTP POST |
| Metadata | Consumption | |
| Metadata | Exchange | |

Service Provider (SP)

| Profile | Message flows | Binding |
|---|---|---|
| Web SSO | AuthnRequest from SP to IdP | HTTP redirect |
| Web SSO | AuthnRequest from SP to IdP | HTTP POST |
| Web SSO | IdP response from IdP to SP | HTTP POST |
| Identity Provider Discovery | Cookie setter | HTTP |
| Identity Provider Discovery | Cookie getter | HTTP |
| Single Logout | LogoutRequest | HTTP redirect |
| Single Logout | LogoutRequest | HTTP POST |
| Single Logout | LogoutResponse | HTTP redirect |
| Single Logout | LogoutResponse | HTTP POST |
| Metadata | Consumption | |
| Metadata | Exchange | |

OpenID Connect

OpenID Connect Provider (OP)

  • Supports Basic OP Conformance profile (details viewed in chapter 3)
  • Supports Authorization code flow grant
  • Supports Basic, Implicit and Hybrid flows
  • Supports PKCE (Proof Key for Code Exchange)
  • Supports Client Initiated Backchannel Authentication (CIBA)

OpenID Relying Party (RP)

  • Supports Basic RP Conformance profile.
  • Supports Authorization code flow grant.

For more information, please contact us at support@phenixid.se.

OAuth2

OAuth2 Authorization Server (AS)

  • Supports Authorization code flow grant
  • Supports Implicit flow grant
  • Supports PKCE (Proof Key for Code Exchange)
  • Supports Client Initiated Backchannel Authentication (CIBA)
  • Supports access tokens issued as JWTs according to RFC 9068
  • Supports token introspection according to RFC 7662
  • Supports token revocation according to RFC 7009

OAuth2 Relying Party (RP)

  • Supports Authorization code flow grant.

For more information, please contact us at support@phenixid.se.

RADIUS

  • Supports PAP
  • Supports EAP-TLS
  • Supports RADIUS Access-Challenge
  • Supports RADIUS Proxy
  • Supports RADIUS attributes and vendor specific attributes