External identity providers
SimpleIdServer can utilize external Identity Providers to authenticate the end-user.
When the end-user authenticates for the first time with their external account, a local account will be automatically created in your Identity Provider.
This process is also known as the Just-In-Time Provisioning workflow.
Currently, SimpleIdServer only supports Facebook authentication.
Facebook
To use Facebook as an external Identity Provider, follow these steps:
- Navigate to the Authentication menu and click on the Authentication link.
- Select the External identity providers tab and click on the Add Identity Provider button.
- Under Identity Provider Type, choose Facebook and click on the Next button.
- Fill in the form like this and click on the Next button.
| Key | Value |
|---|---|
| Name | OtherFacebook |
| Display Name | New facebook |
| Description |
- Follow this tutorial to obtain the AppId and AppSecret. Then, complete the form accordingly and click Add.
Negotiate
To enable Windows Authentication (also known as Negotiate, Kerberos, or NTLM authentication), follow these steps:
- Navigate to the Authentication menu and click on the Authentication link.
- Select the External identity providers tab and click on the Add Identity Provider button.
- Under Identity Provider Type, choose Facebook and click on the Next button.
- Fill in the form like this and click on the Next button.
| Key | Value |
|---|---|
| Name | Windows |
| Display Name | Windows |
| Description | Windows |
- Click on the Add button to confirm the creation and navigate to the new mapping rule.
- Click on the Mappers tab, select and remove all the rows.
- Click on the Add mapper button and add two rules with the following content:
| Key | Value |
|---|---|
| Mapper Type | Subject |
| Name | Subject |
| Source Claim Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |

| Key | Value |
|---|---|
| Mapper Type | Identifier |
| Name | Identifier |
| Source Claim Name | http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid |
Mapping
The Just-In-Time Provisioning workflow utilizes a list of mapping rules to transform incoming Claims into a local account.
There are two types of Mapping Rules:
- User attribute: a dynamic user claim, for example, DateOfBirth.
- User property: a static user claim, for example, FirstName or Email.
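The sketch below is an added example, not SimpleIdServer's own code. It models how mapping rules can turn incoming claims into a local account on first login, using the two Negotiate rules from this page. The class and function names, the `UserProperty` / `UserAttribute` labels and the in-memory store are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Claim URIs taken from the Negotiate mapper tables on this page.
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
SID_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"

class ProvisioningError(Exception):
    """Raised when the incoming claims cannot be mapped to a local account."""

@dataclass(frozen=True)
class MappingRule:
    mapper_type: str   # "Subject" / "Identifier" (page); "UserProperty" / "UserAttribute" (assumed labels)
    source_claim: str
    target: str = ""   # property or attribute name; unused for Subject and Identifier

@dataclass
class LocalAccount:
    subject: str
    external_id: str
    properties: dict = field(default_factory=dict)   # static claims, e.g. Email
    attributes: dict = field(default_factory=dict)   # dynamic claims, e.g. DateOfBirth

# The two rules configured in the Negotiate section.
WINDOWS_RULES = [
    MappingRule("Subject", NAME_CLAIM),
    MappingRule("Identifier", SID_CLAIM),
]

def provision(idp_name, claims, rules, store):
    """Return the local account for an external login, creating it on first login."""
    required, props, attrs = {}, {}, {}
    for rule in rules:
        value = claims.get(rule.source_claim)
        if rule.mapper_type in ("Subject", "Identifier"):
            if not value:  # fail closed: never create an account without them
                raise ProvisioningError(f"missing claim {rule.source_claim}")
            required[rule.mapper_type] = value
        elif value is not None:
            bucket = props if rule.mapper_type == "UserProperty" else attrs
            bucket[rule.target] = value
    if set(required) != {"Subject", "Identifier"}:
        raise ProvisioningError("rules must define both Subject and Identifier")
    # Key on provider + identifier so a display-name change does not create a duplicate.
    key = (idp_name, required["Identifier"])
    if key not in store:
        store[key] = LocalAccount(required["Subject"], required["Identifier"], props, attrs)
    return store[key]
```

Keying the lookup on the provider name plus the identifier claim (here the primary SID) rather than on the display name means a renamed Windows account still resolves to the same local account.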