Identity Provider Proxy | Planning Steps

Proxy solutions like the Cirrus Identity Provider Proxy sit in the middle of things. A bit of planning before getting started will go a long way to reducing initial confusion. Consider the following questions:

  1. Who is the target audience?

    • What IdP(s) will the audience use?

    • Does the audience vary based on the Service Provider being accessed?

  2. What is/are the Service Providers that will be accessed?

    • Do the Service Providers meet Cirrus Identity Provider Proxy requirements (support either SAML v2 or CAS)?

    • Are the Service Providers registered with InCommon or one of the other eduGAIN federations? -- If not, you will need to share the metadata with Cirrus Identity (there are a few options for accomplishing this)?

    • Do the Service Providers have an authorization process to control access that is separate from authenticating to the service?

  3. Will the Proxy be required to provide access control?

  4. How will the end user “discover” which Identity Provider to use with the Proxy -- which is another way of saying what discovery configuration will the Proxy have?

Next you will want to look at Cirrus Identity Provider Proxy | Getting Started.