Overview

Ceptor supports Identity Federation with third parties using SAML or OpenID Connect, or through proprietary methods implemented as custom Authentication plugins, such as ETicket.

These federations have existed for many years, configured via name/value pairs in the session controller's configuration.
See Microsoft ADFS Integration, WebSSO SAML and JWT / OpenID Connect for details.

As of Ceptor v6.4 these federations can instead be configured through a GUI within Ceptor Console, which is easier than editing the properties by hand.
The configuration is then stored as JSON objects within the session controller configuration; for backwards compatibility, the older property-based approach documented in the links above is still supported.

Note that if the session controller configuration contains a JSON object called federation_JSON_, the JSON configuration takes precedence and the older properties are ignored entirely; the two are not merged, so do not expect property settings to take effect once the JSON object exists.

OAuth2 / JWT / OpenID Connect

Concepts

Ceptor's OpenID Connect configuration consists of four elements:

  • Tokens
  • Scopes
  • Fields
  • Identity Providers

Tokens

A token is a distinct, self-contained configuration for a JWT: it covers both how Ceptor issues tokens of that kind and how it parses tokens of that kind received from other parties.
Because each configuration is separate, Ceptor can issue tokens with different content to different parties.

When used together with Ceptor API Management, you can specify which token configuration is issued to which Partners and Applications (see Managing Partners, Applications and Developers).
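The following is an added example, not Ceptor's own code, and its configuration layout, names and keys are assumptions made for illustration. It shows what separate per-party token configurations buy in practice: one issuer signs tokens for two partners under different keys, audiences and lifetimes, and a token parsed under the wrong configuration, an expired token, or a token whose header names an algorithm the configuration does not expect is rejected. It uses HS256 via the Python standard library only.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Hypothetical token configurations, one per relying party. The dict layout,
# names and secrets are assumptions for this example, not Ceptor's JSON format.
TOKEN_CONFIGS = {
    "partner-a-access": {
        "issuer": "https://idp.example",
        "audience": "partner-a",
        "lifetime_s": 600,
        "key": b"partner-a-shared-secret-constructed-for-demo",
    },
    "partner-b-access": {
        "issuer": "https://idp.example",
        "audience": "partner-b",
        "lifetime_s": 3600,
        "key": b"partner-b-shared-secret-constructed-for-demo",
    },
}


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def issue_token(config_name: str, subject: str, claims: dict, now: Optional[int] = None) -> str:
    """Issue an HS256 JWT under the named token configuration."""
    cfg = TOKEN_CONFIGS[config_name]
    now = int(time.time()) if now is None else now
    payload = {
        "iss": cfg["issuer"],
        "aud": cfg["audience"],
        "sub": subject,
        "iat": now,
        "exp": now + cfg["lifetime_s"],
        **claims,
    }
    signing_input = _json_b64({"alg": "HS256", "typ": "JWT"}) + "." + _json_b64(payload)
    sig = hmac.new(cfg["key"], signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def parse_token(config_name: str, token: str, now: Optional[int] = None) -> dict:
    """Parse a received JWT under the named configuration.

    Raises ValueError if the token is not acceptable under that configuration.
    """
    cfg = TOKEN_CONFIGS[config_name]
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # The algorithm is pinned by the configuration, not taken from the header:
    # honouring whatever "alg" the sender chose (e.g. "none") is a classic bug.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(cfg["key"], f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    if payload.get("iss") != cfg["issuer"]:
        raise ValueError("wrong issuer")
    if payload.get("aud") != cfg["audience"]:  # a single string audience is assumed here
        raise ValueError("wrong audience")
    if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        raise ValueError("expired")
    return payload


def token_accepted(config_name: str, token: str, now: Optional[int] = None) -> bool:
    """True if parse_token accepts the token under the named configuration."""
    try:
        parse_token(config_name, token, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    tok = issue_token("partner-a-access", "alice", {"role": "reader"}, now=1_700_000_000)
    print(parse_token("partner-a-access", tok, now=1_700_000_100))
    print(token_accepted("partner-b-access", tok, now=1_700_000_100))
```

The point to carry over to any real configuration is that the receiving side validates against its own expectations (key, issuer, audience, algorithm, expiry) rather than against what the token claims about itself; a token issued for partner A must not be accepted by partner B's configuration even though both come from the same issuer.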

Scopes

Scopes define which fields end up in which token. For example, if a client asks for a scope called "salary" when requesting a token, the scope configuration determines which attributes are added to the ID token, the Access Token and the Userinfo response, respectively.
This gives fine-grained control over which data is exposed under which conditions.

Fields

Some attributes are themselves objects, such as the OpenID Connect "address" claim. The Fields configuration controls which attributes such an object contains and where each value originates.
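The following added example illustrates both the Scopes and the Fields concepts above. It is not Ceptor's code or configuration format; the dict layouts, the user record and the scope names are constructed for this illustration. A scope maps to the claims released into each of the three artifacts (ID token, access token, userinfo), a composite field such as "address" is assembled from separate source attributes, and a scope the client requests but is not permitted to use (here "salary") is dropped rather than honoured.

```python
from typing import Dict, Iterable, List, Tuple

# Constructed user record, standing in for what a directory lookup would return.
USER = {
    "sub": "u-1001",
    "name": "Alice Example",
    "email": "alice@example.com",
    "salary": 54000,
    "street": "1 Main St",
    "city": "Springfield",
    "postal": "12345",
    "country": "US",
}

# Composite fields (assumed layout): target member name -> source attribute.
# The "address" members follow the OpenID Connect address claim.
FIELDS = {
    "address": {
        "street_address": "street",
        "locality": "city",
        "postal_code": "postal",
        "country": "country",
    },
}

# Scopes (assumed layout): for each scope, which claims go into which artifact.
SCOPES = {
    "openid":  {"id_token": ["sub"],   "access_token": ["sub"],    "userinfo": ["sub"]},
    "profile": {"id_token": ["name"],  "access_token": [],         "userinfo": ["name"]},
    "email":   {"id_token": ["email"], "access_token": [],         "userinfo": ["email"]},
    "address": {"id_token": [],        "access_token": [],         "userinfo": ["address"]},
    "salary":  {"id_token": [],        "access_token": ["salary"], "userinfo": ["salary"]},
}


def resolve_claim(name: str, user: Dict[str, object]):
    """Return a claim value: a composite object for a configured field, else the raw attribute."""
    if name in FIELDS:
        obj = {member: user[src] for member, src in FIELDS[name].items() if src in user}
        return obj or None  # an address with no members at all is omitted entirely
    return user.get(name)


def grant_scopes(requested: Iterable[str], allowed: Iterable[str]) -> List[str]:
    """Grant only scopes that are both configured and permitted for this client."""
    allowed = set(allowed)
    return [s for s in requested if s in SCOPES and s in allowed]


def build_claims(requested: Iterable[str], allowed: Iterable[str],
                 user: Dict[str, object]) -> Tuple[List[str], Dict[str, dict]]:
    """Return (granted scopes, {artifact: claims}) for one token request."""
    granted = grant_scopes(requested, allowed)
    out = {"id_token": {}, "access_token": {}, "userinfo": {}}
    for scope in granted:
        for artifact, claim_names in SCOPES[scope].items():
            for claim in claim_names:
                value = resolve_claim(claim, user)
                if value is not None:
                    out[artifact][claim] = value
    return granted, out


if __name__ == "__main__":
    granted, claims = build_claims(
        requested=["openid", "profile", "salary", "address"],
        allowed={"openid", "profile", "email", "address"},
        user=USER,
    )
    print(granted)
    print(claims)
```

Two design choices are worth noting. The access token carries only what a resource server needs, so "profile" releases the name into the ID token and userinfo but not into the access token, which every API on the path can read. And the set of scopes a client may request is enforced server-side at grant time; a client silently receiving fewer scopes than it asked for is the expected outcome, not an error that leaks which scopes exist.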

Identity Providers

When Ceptor authenticates users against external OpenID Connect Providers, those providers are defined here.
The Ceptor Gateway then refers to these Identity Providers; see Location - Authentication for how to configure the gateway to use a given identity provider under specific conditions.

SAML Service Provider / Relying Party


SAML Identity Provider


