Federate IdP authentication through a RESTful API endpoint
The Identity Application (IdP) created in SiX IDaaS & IAM supports delegating the authentication flow to a RESTful API call. When the IdP receives a user's credentials, it forwards them to a configured RESTful API endpoint for verification. The credentials are encrypted with an RSA public key before transmission; the endpoint is expected to decrypt them with the corresponding private key, verify them, and respond with the verification result. The public-key encryption protects the credentials end to end, but the endpoint should still be served over HTTPS, and the private key must be guarded: anyone who holds it can decrypt every credential the IdP forwards.
INFO
A common use case is an enterprise that stores all employee credentials in its internal Active Directory (AD). To maintain security, the enterprise typically prefers not to expose its AD admin credentials to external systems. In such scenarios this type of integration provides a secure alternative: the enterprise exposes only a verification endpoint that it controls, and the AD credentials never leave its own network.
TIP
After federation, your IdP users also benefit from MFA and from consent control over personal information sharing; see Overview of Data Security & Privacy for more.
TIP
Authentication federation here means authentication delegation: after the Identity Provider (IdP) in the SiX IDaaS & IAM tenancy receives an authentication request, it delegates the credential check to the RESTful API endpoint.
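The exchange described above, as an added example that is not part of the SiX IDaaS & IAM documentation or product code: the IdP side serialises the credentials and encrypts them with the public key, and the enterprise endpoint decrypts them with the private key, checks them against a directory, and answers with a verification result. The page does not document the real wire format, padding scheme or response shape, so the JSON field names, the choice of RSA-OAEP with SHA-256, and the in-memory user store standing in for Active Directory are all assumptions made for the demo.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// Credentials is the payload the IdP sends (assumed shape; not documented on the page).
type Credentials struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

// VerifyResult is the endpoint's answer (assumed shape).
type VerifyResult struct {
	Verified bool   `json:"verified"`
	Subject  string `json:"subject,omitempty"`
}

// userRecord stands in for an AD account: a salted SHA-256 of the password.
type userRecord struct {
	salt []byte
	hash [32]byte
}

// Directory is a constructed user store for the demo; a real endpoint would
// perform an LDAP bind against AD here instead of holding hashes itself.
type Directory map[string]userRecord

func saltedHash(salt []byte, pass string) [32]byte {
	buf := make([]byte, 0, len(salt)+len(pass))
	buf = append(buf, salt...)
	buf = append(buf, pass...)
	return sha256.Sum256(buf)
}

// NewDirectory builds the constructed store from plaintext passwords (demo only).
func NewDirectory(plain map[string]string) Directory {
	d := Directory{}
	for user, pass := range plain {
		salt := make([]byte, 16)
		rand.Read(salt)
		d[user] = userRecord{salt: salt, hash: saltedHash(salt, pass)}
	}
	return d
}

// check compares hashes in constant time so timing does not reveal which part failed.
func (d Directory) check(user, pass string) bool {
	rec, ok := d[user]
	if !ok {
		return false
	}
	h := saltedHash(rec.salt, pass)
	return subtle.ConstantTimeCompare(h[:], rec.hash[:]) == 1
}

// GenerateKeyPair stands in for the key pair the console creates when the IdP
// is set up; the private half is the file the IdP owner downloads once.
func GenerateKeyPair(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// EncryptCredentials is the IdP side: JSON-encode the credentials and encrypt
// them with the public key using RSA-OAEP/SHA-256 (assumed scheme).
func EncryptCredentials(pub *rsa.PublicKey, c Credentials) ([]byte, error) {
	plain, err := json.Marshal(c)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, nil)
}

// VerifyEncrypted is the endpoint side: decrypt with the private key and check
// the directory. Undecryptable or malformed input is simply "not verified".
func VerifyEncrypted(priv *rsa.PrivateKey, ciphertext []byte, dir Directory) VerifyResult {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ciphertext, nil)
	if err != nil {
		return VerifyResult{}
	}
	var c Credentials
	if err := json.Unmarshal(plain, &c); err != nil || !dir.check(c.Username, c.Password) {
		return VerifyResult{}
	}
	return VerifyResult{Verified: true, Subject: c.Username}
}

// VerifyHandler exposes VerifyEncrypted as the HTTP endpoint the IdP calls.
// The request body is the raw ciphertext; the body size is capped to bound abuse.
func VerifyHandler(priv *rsa.PrivateKey, dir Directory) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		body, err := io.ReadAll(io.LimitReader(r.Body, 4096))
		if err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(VerifyEncrypted(priv, body, dir))
	}
}

func main() {
	priv, _ := GenerateKeyPair(2048)
	dir := NewDirectory(map[string]string{"alice": "correct horse battery staple"})
	srv := httptest.NewServer(VerifyHandler(priv, dir)) // the enterprise endpoint
	defer srv.Close()
	// IdP side: encrypt the credentials and POST them to the endpoint.
	ct, _ := EncryptCredentials(&priv.PublicKey, Credentials{"alice", "correct horse battery staple"})
	resp, _ := http.Post(srv.URL, "application/octet-stream", bytes.NewReader(ct))
	var res VerifyResult
	json.NewDecoder(resp.Body).Decode(&res)
	fmt.Printf("verified=%v subject=%q\n", res.Verified, res.Subject)
}
```

Running `main` prints `verified=true subject="alice"`. Note that a wrong password, a ciphertext altered in transit, or a ciphertext produced under a different public key all yield the same `{"verified":false}` answer, so the endpoint leaks nothing about which check failed.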
Steps to federate IdP authentication through a RESTful API endpoint
1. Create a SiX IDaaS & IAM IdP (identity application) tenant
On the SiX IDaaS & IAM console, go to "Authentication -> Create Identity Application" to create an IdP (identity application) tenant, and change "Authentication Sources:" to "Outside authentication source(http/https endpoint)".
2. Set the federated IdP parameters
Set the RESTful IdP parameters, including the RESTful API endpoint that the IdP will call to verify credentials.
WARNING
When the IdP is created, an RSA private key (shown as "RSA 256" in the console) is generated once and offered to the IdP owner for download. Store it securely: all subsequent authentication data sent from SiX IDaaS & IAM to the RESTful endpoint is encrypted with the matching public key, and only the holder of this private key can decrypt it.
3. Create an OAuth2 Client tenant and associate it with the IdP tenant
Create an OAuth2 Client tenant on the SiX IDaaS & IAM console and associate it with the IdP (identity application) tenant.
4. Use the OAuth2 Client in your application
Use the OAuth2 Client tenant information in your application to initiate the authentication process. When authentication is triggered, SiX IDaaS & IAM handles the federation to the RESTful endpoint automatically.
5. Your application gets the ID information and associates it with your local user ID
You can obtain the IdP tenant "openId" and the ID of the user at the federated RESTful provider by parsing the JWT and calling the /userinfo endpoint.