Integration standards
Overview
This document describes the supported conformance profiles for authentication integration that PhenixID Authentication Services support.
If you have any questions, please contact us on support@phenixid.se.
SAML
The conformance spec for SAML is based on these OASIS standards
Identity Provider (IdP) | ||
---|---|---|
Profile | Message flows | Binding |
Web SSO | AuthnRequest from SP to IdP | HTTP redirect |
Web SSO | AuthnRequest from SP to IdP | HTTP POST |
Web SSO | IdP response from IdP to SP | HTTP POST |
Identity Provider Discovery | Cookie setter | HTTP |
Identity Provider Discovery | Cookie getter | HTTP |
Single Logout | LogoutRequest | HTTP redirect |
Single Logout | LogoutRequest | HTTP POST |
Single Logout | LogoutResponse | HTTP redirect |
Single Logout | LogoutResponse | HTTP POST |
Metadata | Consumption | |
Metadata | Exchange |
Service Provider (SP) | ||
---|---|---|
Profile | Message flows | Binding |
Web SSO | AuthnRequest from SP to IdP | HTTP redirect |
Web SSO | AuthnRequest from SP to IdP | HTTP POST |
Web SSO | IdP response from IdP to SP | HTTP POST |
Identity Provider Discovery | Cookie setter | HTTP |
Identity Provider Discovery | Cookie getter | HTTP |
Single Logout | LogoutRequest | HTTP redirect |
Single Logout | LogoutRequest | HTTP POST |
Single Logout | LogoutResponse | HTTP redirect |
Single Logout | LogoutResponse | HTTP POST |
Metadata | Consumption | |
Metadata | Exchange |
OpenID Connect
OpenID Connect Provider (OP)
- Supports Basic OP Conformance profile, click link (details viewed in chapter 3)
- Supports Authorization code flow grant, click link
- Support Basic, Implicit and Hybrid flow, click link
- Supports PKCE (Proof Key for Code Exchange), click link
- Supports Client Initiated Backchannel Authentication (CIBA), click link
OpenID Relying Party (RP)
- Support Basic RP Conformance profile.
- Support Authorization code flow grant.
Please contact us for more information, support@phenixid.se.
oAuth2
oAuth2 Authorization Server (AS)
- Supports Authorization code flow grant, click link
- Supports Implicit flow grant, click link
- Supports PKCE (Proof Key for Code Exchange), click link
- Supports Client Initiated Backchannel Authentication (CIBA), click link
- Supports access tokens issued as JWTs according to RFC 9068
- Supports token introspection according to RFC 7662
- Supports token revocation according to RFC 7009
oAuth2 Relying Party (RP)
- Support Authorization code flow grant.
Please contact us for more information, support@phenixid.se.
Radius
- Supports PAP, click link
- Supports EAP-TLS, click link
- Supports RADIUS Access-Challenge
- Supports Radius Proxy
- Supports RADIUS attributes and vendor specific attributes