Title: Use Case for Asimba as SAML Proxy
Gluu is currently evaluating the idea of incorporating the Asimba SAML platform on the Gluu Server (in addition to Shibboleth). SAML can be confusing, even to the experts. We at Gluu worked on the diagram below as a simple overview of why a SAML proxy might be useful, and where it would fit in the Gluu open source stack.

A few things to note:

- The main advantage of the proxy is a very simple configuration for the SP. If the website is a SaaS or off-the-shelf software, you may only get one way to trust the IDP. Discovery and redirection to your respective home domain IDP are handled by the proxy.
- Internal websites that don't care about other federated IDPs can just point to your SAML IDP directly.
- Applications using the Asimba proxy can request a specific authentication type via SAML ACR request. Authentication business logic is handled in OX, with no need to support 2FA in both SAML and OAuth2. In many cases, the OX OP also grabs a legacy SSO ticket (i.e. CAS, Siteminder, etc.)
- In a federation with many IDPs, if the participants trust the federation operator, it is efficient for the federation operator to manage trust with the websites. For example, instead of updating 1,000 IDPs to update their configuration, just update the proxy.

Article Resource: http://thegluuserver.wordpress.com/2013/12/30/use-case-for-asimba-as-saml-proxy
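
The SAML ACR request mentioned above, sketched as an added example (not code from Gluu or Asimba): the SP asks for an authentication class with `RequestedAuthnContext`, then confirms the class reported in the response, so a request for two-factor is not silently satisfied by a password-only login. Entity IDs, URLs and the sample response are constructed, and signature validation is assumed to be done beforehand by the SP's SAML library.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)
# Standard SAML 2.0 authentication context class URIs.
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
TWO_FACTOR = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"


def build_authn_request(request_id, sp_entity_id, proxy_sso_url, acr_values):
    """Return AuthnRequest XML asking the proxy for one of acr_values."""
    req = ET.Element(f"{{{NS['samlp']}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0",
        "IssueInstant": "2014-01-01T00:00:00Z",  # constructed timestamp
        "Destination": proxy_sso_url,
    })
    ET.SubElement(req, f"{{{NS['saml']}}}Issuer").text = sp_entity_id
    rac = ET.SubElement(req, f"{{{NS['samlp']}}}RequestedAuthnContext",
                        {"Comparison": "exact"})
    for acr in acr_values:
        ET.SubElement(rac, f"{{{NS['saml']}}}AuthnContextClassRef").text = acr
    return ET.tostring(req, encoding="unicode")


def acr_satisfied(response_xml, acr_values):
    """True only if every AuthnStatement reports one of the requested classes."""
    statements = ET.fromstring(response_xml).findall(".//saml:AuthnStatement", NS)
    if not statements:
        return False
    for st in statements:
        ref = st.find("saml:AuthnContext/saml:AuthnContextClassRef", NS)
        if ref is None or (ref.text or "").strip() not in acr_values:
            return False
    return True


def sample_response(acr):
    """Constructed, unsigned response fragment used only for this demo."""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f'<saml:Assertion><saml:AuthnStatement><saml:AuthnContext>'
            f'<saml:AuthnContextClassRef>{acr}</saml:AuthnContextClassRef>'
            f'</saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>')


if __name__ == "__main__":
    print(build_authn_request("_req1", "https://sp.example.org",
                              "https://proxy.example.org/sso", [TWO_FACTOR]))
    print(acr_satisfied(sample_response(PASSWORD), [TWO_FACTOR]))
```
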

- Sprint could support standard APIs for authentication and authorization, and enable an ecosystem of partners to authenticate Sprint customers via Internet standard API.

- How is this better than Sprint's current solution?
- Supporting standards is important because we live in a world where there are multiple consumer IDPs, and if a website needs a special API to use your IDP, it will probably just not support you.

- What is the cost of your solution?
- Gluu sells support on its product. However, I think there might be some sponsored co-development opportunities.

- Who are some of your current customers?
- Toshiba uses Gluu to deliver authentication for its Cloud TV Service in Japan and Europe (and soon in the US). We have more than 20 university customers, in addition to a number of large enterprise customers.
  We also are designing an authentication/authorization platform for the State of TX K-12 students, and a citizen authentication platform for the Philippines (90M users). In the telecom industry, we worked with British Telecom on a multi-year VOIP project, and have advised Rackspace on the design of their authentication system.

- Do you have any additional information or comments?
- Please check the latest OpenID Connect test results. Look in the last column for Gluu, and you can see that our server is currently the most comprehensive implementation of an OpenID Connect Provider.

Article Resource: http://thegluuserver.wordpress.com/2013/11/22/submission-to-sprint-innovate-why-sprint-should-support-openid-connect/