...

Does midPoint support Single Sign-On (SSO)?

Yes and no. MidPoint is a user provisioning identity management system, not an access management system. Therefore midPoint is neither an authentication server nor an SSO server. There are numerous ways to implement these services using existing software, ranging from a simple LDAP server to sophisticated, flexible access management suites. MidPoint has no ambition to reinvent the wheel of access management and therefore does not contain access management services. A comprehensive explanation of IDM solution components can be found on the Enterprise Identity Management page.

...

  • MidPoint can manage the user database of an access management system by provisioning to it. This is a very common integration scenario.
  • MidPoint can be an SSO client under some circumstances. For example, it can be an SSO client for an Active Directory system by correctly configuring midPoint's Spring Security settings (this may currently require some customization). Alternatively, midPoint is just a web application, so it can be integrated into a web-SSO system as an ordinary web application.

Does midPoint support OAuth2, OpenID Connect, SAML and similar protocols?

No. And yes. OAuth2, OpenID Connect, SAML and similar protocols come from the access management and identity federation world. MidPoint is an identity management system, not an access management system. Therefore midPoint is neither an identity provider, an authentication server nor an SSO server. That means midPoint does not implement the "server side" of the OAuth2, OpenID Connect or SAML protocols. Such an implementation is the responsibility of access management systems. There are plenty of such systems to choose from, and midPoint can easily integrate with most of them. So midPoint can support those protocols indirectly, as part of a larger identity and access management (IAM) solution.

However, when it comes to the "client side" implementation, that is a slightly different story. MidPoint exposes a web-based user interface and (REST) services. It makes sense for midPoint to support OAuth2, OpenID Connect and SAML on those services in the role of a service provider (relying party). Unfortunately, this is not yet supported. However, implementing support for those protocols on midPoint's interfaces is possible, and it can be implemented if needed. Please see the Subscriptions and Sponsoring page for more details.
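To make the "server side" versus "client side" distinction in the two answers above concrete, here is a minimal illustration of what the client side (the relying party, the role midPoint would play as an SSO client) has to do with a token issued by an identity provider. This is an added example, not midPoint code and not a description of how midPoint or Spring Security implement anything; the issuer URL, client id and shared secret are constructed stand-ins, and the token is an HS256-signed JWT so the whole exchange runs offline (a real deployment verifies an RS256/ES256 signature against the provider's published keys instead of sharing a secret).

```python
"""Identity provider ("server side") mints an ID token; relying party ("client side") checks it.

Added illustration of the relying-party role; not midPoint's own code.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed values: a stand-in issuer, client id and shared secret.
ISSUER = "https://idp.example.test"
CLIENT_ID = "demo-relying-party"
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, secret: bytes) -> str:
    """Identity provider side: sign the claims as a compact HS256 JWT."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url_encode(json.dumps(header).encode())
                     + "." + _b64url_encode(json.dumps(claims).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_id_token(token: str, secret: bytes, issuer: str, audience: str, now=None) -> dict:
    """Relying party side: return the claims if every check passes, else raise ValueError.

    The checks a service provider must do before trusting a token: pinned algorithm,
    valid signature, expected issuer, this client in the audience, not expired, has a subject.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm; never let the token choose (rejects "none" and algorithm confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not intended for this client")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("token expired")
    if "sub" not in claims:
        raise ValueError("missing subject")
    return claims


def demo() -> dict:
    """Full round trip: provider mints, relying party verifies 10 seconds later."""
    now = 1_700_000_000  # constructed fixed clock so the run is reproducible
    token = mint_id_token({"iss": ISSUER, "aud": CLIENT_ID, "sub": "alice",
                           "iat": now, "exp": now + 300}, SHARED_SECRET)
    return verify_id_token(token, SHARED_SECRET, ISSUER, CLIENT_ID, now=now + 10)


if __name__ == "__main__":
    print(demo())
```

The point of the split is visible in the code: everything in `mint_id_token` belongs to the identity provider, which the page says midPoint does not and will not implement, while everything in `verify_id_token` is the relying-party work that a web application integrated into web-SSO has to get right, in particular refusing tokens minted for a different audience or with a non-pinned algorithm.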

Does midPoint have an end-user interface (GUI) similar to what Sun IDM (Waveset) used to have?

...