
Identity provider


In computing, an Identity provider (IdP), also known as Identity Assertion Provider, can:

This may be achieved via an authentication module that verifies a security token, which can be accepted as an alternative to explicitly authenticating a user again and again within a security realm.

For example, a website, application or service may allow users to log in with the credentials from a social-networking service like Facebook or Twitter; these services then act as Identity providers. The social-networking service verifies that the user is an authorized user and returns information to the website, e.g. username and email address (specific details might vary). This authentication system is called Social login.

Perimeter authentication involves a user being authenticated only once (single sign-on). The user obtains a security token which is then validated by an Identity provider for each system that the user needs to access.
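The flow described above, as an added sketch that is not part of the original article: the user logs in once at the Identity provider, and each system hands the resulting token back to the Identity provider for validation. The HMAC-signed token is a simplified stand-in for real formats such as SAML, and every name here (`IdentityProvider`, `access`, `demo_idp`, the account `alice`) is hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

class IdentityProvider:
    """Toy IdP: authenticates a user once, then validates the token per system."""
    def __init__(self, users, ttl=300):
        self._key = secrets.token_bytes(32)  # signing key never leaves the IdP
        self._users = users                  # username -> (salt, password hash)
        self._ttl = ttl                      # token lifetime in seconds

    @staticmethod
    def hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _sign(self, body):
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def login(self, username, password, now=None):
        """Single sign-on step: check credentials, return a signed token or None."""
        record = self._users.get(username)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, self.hash_password(password, salt)):
            return None
        now = time.time() if now is None else now
        claims = {"sub": username, "exp": now + self._ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return (body + b"." + base64.urlsafe_b64encode(self._sign(body))).decode()

    def validate(self, token, now=None):
        """Called on behalf of each system: return the username or None."""
        try:
            body, sig = token.encode().split(b".")
            given = base64.urlsafe_b64decode(sig)
        except ValueError:                   # malformed token or bad base64
            return None
        if not hmac.compare_digest(given, self._sign(body)):
            return None                      # forged or altered token
        claims = json.loads(base64.urlsafe_b64decode(body))
        now = time.time() if now is None else now
        return claims["sub"] if now < claims["exp"] else None

def access(idp, system, token, now=None):
    """A system that trusts the IdP: no password handling of its own."""
    user = idp.validate(token, now)
    return f"{system}: welcome {user}" if user else f"{system}: denied"

def demo_idp():
    salt = b"constructed-salt"               # constructed sample account
    return IdentityProvider({"alice": (salt, IdentityProvider.hash_password("correct horse", salt))})
```

Because the signature is checked before the claims are parsed, a token whose body was edited is rejected without its contents ever being trusted, and an expired token is refused by every system at once.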

Some Identity Assertion Providers support several security token types, such as SAML, SPNEGO, and X.509.

Sometimes Identity providers can work as proxies for other Identity providers, enabling the creation of trust relationships that can be employed to simplify the management of service providers.

"Provider" is a generic way of referring to both IdPs (Identity Providers) and SPs (Service Providers). There are overlaps when it comes to defining Identity providers vs. Service Providers. According to the OASIS organization that created SAML, an Identity provider is defined as "A kind of provider that creates, maintains, and manages identity information for principals and provides principal authentication to other service providers within a federation, such as with web browser profiles."

In this respect, Salesforce defines an Identity provider as a trusted provider that allows users to use single sign-on to access other websites, whereas a service provider is no more than a website that hosts applications. Ping Identity sees the Service provider as a business-process outsourcing vendor or a SaaS provider that wants to simplify client access to its services, while the Identity provider can be an enterprise that manages a large number of user accounts for users who may need secure Internet access to the Web-based applications or services of customers, employees or business partners.


Wikipedia
