Home
Thijs Kinkhorst edited this page Aug 25, 2019 · 12 revisions
Welcome to the OpenConext-engineblock wiki!
OpenConext Engine is a multi-purpose software component. At a high level, the Engine:
- Provides a Proxy and manages Single Sign On authentication requests and responses
- Offers OpenSocial data based on the SSO user data and Grouper information
OpenConext-engine has the following features:
- Authentication Proxy (https://engine.demo.openconext.org):
  - Act as a saml2int-compliant SAML2 proxy to allow users of Service Providers to authenticate at Identity Providers;
  - Publish metadata on proxy IdP and SP (SAML Entity descriptor);
  - Publish metadata on connected IdPs (Entities descriptor), for Transparent IdP Proxy;
  - Publish Proxy IdP and SP public certificate;
  - Publish metadata on connected IdPs 'Shibboleth style', on a per SP basis;
  - Publish metadata on connected IdPs for use with WAYFless URLs and custom WAYFs, on a per SP basis;
  - Provide a debug interface for connecting new IdPs;
  - Enforce Attribute Release Policy (ARP) as configured via Serviceregistry;
  - Enforce Access Control List (ACL) as configured via Serviceregistry;
  - Provide the Virtual Identity Provider feature
- A "Where Are You From" (WAYF) service
- A Consent interface for release of end-user (SAML2) attributes
- An end-user interface (https://profile.demo.openconext.org)
  - Allows users to view and administer (add, change, or delete) the information OpenConext has on them regarding:
    - Profile information (attributes)
    - Group membership information for one or more group providers
    - Consent (SAML2)
    - Access grants (OAuth)
    - Profile and group relations from OpenConext