

1. Overview

An IdP is an authoritative source of identity information for users affiliated with the organisation running the IdP. Relying Parties have a trust relationship of some kind with the IdP, which means they trust it to authenticate and authorise users.

The client interacts directly with the IdP through a secure tunnel that passes through the Service and its RP Proxy. The user proves who they are to the IdP through this tunnel via a credential exchange of some kind (e.g., passing a username and password across).

Once the user has successfully authenticated to the IdP, the IdP in turn responds to the Service via its RP Proxy; it may provide information solely to acknowledge that a user authenticated correctly, or it may provide further information in the form of attributes such as name or membership information.

2. Requirements

2.1. Moonshot Mechanism

The IdP must have the GSS-EAP mechanism installed and configured in the GSS stack.

2.2. RADIUS server with Moonshot capability

Something

2.3. Configured to talk to a Trust Infrastructure

For example, a connection to a Trust Router, a hierarchical RADIUS infrastructure, or similar.

3. How Moonshot is used on the IdP.

It does stuff.

