The Service Provider SSO-enables and Federation-enables web applications written with any programming language or framework; integrating natively with popular web servers such as Apache and IIS. A loosely coupled integration strategy allows you to support SAML, rich attribute-exchange, and many value-added features, often without significantly changing your application code or using proprietary interfaces.
The normal Service Provider process is:
- Intercept access to a protected resource or application entry point.
- Discover the user's choice of Identity Provider.
- Issue a SAML authentication request to the selected Identity Provider.
- Process the SAML authentication responses and extract rich user information.
- Apply local policies and gather additional data.
- Pass rich identity information to application resources.
- Support for Apache and IIS web servers and FastCGI authorizers on a wide range of platforms, including Windows, Linux, OS X, and Solaris.
- Excellent scalability in both user load and management of Identity Providers.
- Support for virtualization of web servers and applications.
- Works with all compliant SAML implementations.
- A variety of authorization and policy-oriented features.