Table of Contents
The Federation component of OpenIG is a standards based authentication service used by OpenIG to validate a user and retrieve key attributes of the user in order to log them into the target applications.
There are two ways the Federation Service can be invoked:
-
IDP initiated SSO, where the remote Identity Provider sends an unsolicited Authentication statement to OpenIG
-
SP initiated SSO where OpenIG calls the Federation Service to initiate Federated SSO with the Identity provider
In either case, the job of the Federation Service is to validate the user and pass the required attributes to OpenIG to log the user into target applications.
See the Tutorial For the Federation Gateway for hands on experience with the Federation Gateway.
