Home

Welcome to the OpenConext-engineblock wiki!

OpenConext Engine is a multi-purpose software component. At a high level, the Engine:

• Provides a Proxy and manages Single Sign On authentication requests and responses
• Offers OpenSocial data based on the SSO user data and Grouper information

OpenConext-engine has the following features:

1. Authentication Proxy (https://engine.demo.openconext.org):

• Act as a saml2int compliant SAML2 proxy to allow users of Service Providers to authenticate at Identity Providers;
• Publish metadata on proxy IdP and SP (SAML Entity descriptor);
• Publish metadata on connected IdPs (Entities descriptor), for Transparent IdP Proxy;
• Publish Proxy IdP and SP public certificate;
• Publish metadata on connected IdPs 'Shibboleth style', on a per SP basis;
• Publish metadata on connected IdPs for use with WAYFless URLs and custom WAYFs, on a per SP basis;
• Provide a debug interface for connecting new IdPs;
• Enforce Attribute Release Policy (ARP) as configured via Serviceregistry;
• Enforce Access Controle List (ACL) as configured via Serviceregistry;
• Provide the Virtual Identity Provider feature

1. A "Where Are You From" (WAYF) service

2. A Consent interface for release of end-user (SAML2) attributes

3. An end-user interface (https://profile.demo.openconext.org)

• Allows users to view and administer (add, change, or delete) the information OpenConext has on them regarding:
• Profile information (attributes)
• Group membership information for one or more group providers
• Consent (SAML2)
• Access grants (OAuth)
• Profile and group relations from OpenConext

More information

• Attribute Manupulations
• Attribute Release Policy (ARP)
• Corto
• Deprovisioning
• IdP initiated login
• Mapping attributes to 'user friendly' names
• My own WAYF
• Profile information
• Provisioning new users and their attributes
• Public Endpoints
• SAML2 Support
• virtual IdP