External identity providers
SimpleIdServer can utilize external Identity Providers to authenticate the end-user.
When the end-user authenticates for the first time with their external account, a local account will be automatically created in your Identity Provider.
This process is also known as the Just-In-Time Provisioning workflow.
Currently, SimpleIdServer only supports Facebook authentication.
Facebook
To use Facebook as an external Identity Provider, follow these steps:
- Navigate to the Authentication menu and click on the Authentication link.
- Select the External identity providers tab and click on the Add Identity Provider button.
- Under Identity Provider Type, choose Facebook and click on the Next button.
- Fill in the form like this and click on the Next button.
Key | Value |
---|---|
Name | OtherFacebook |
Display Name | New facebook |
Description |
- Follow this tutorial to obtain the AppId and AppSecret. Then, complete the form accordingly and click Add.
Negotiate
To enable Windows Authentication (also known as Negotiate, Kerberos, or NTLM authentication), follow these steps:
- Navigate to the Authentication menu and click on the Authentication link.
- Select the External identity providers tab and click on the Add Identity Provider button.
- Under Identity Provider Type, choose Facebook and click on the Next button.
- Fill in the form like this and click on the Next button.
Key | Value |
---|---|
Name | Windows |
Display Name | Windows |
Description | Windows |
- Click on the Add button to confirm the creation and navigate to the new mapping rule.
- Click on the Mappers tab, select and remove all the rows.
- Click on the Add mapper button and add two rules with the following content:
Key | Value |
---|---|
Mapper Type | Subject |
Name | Subject |
Source Claim Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Key | Value |
---|---|
Mapper Type | Identifier |
Name | Identifier |
Source Claim Name | http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid |
Mapping
The Just-In-Time Provisioning workflow utilizes a list of mapping rules to transform incoming Claims into a local account.
There are two types of Mapping Rules:
- User attribute: a dynamic user claim, for example, DateOfBirth.
- User property: a static user claim, for example, FirstName or Email.
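The following is an added sketch of how mapping rules turn incoming claims into a local account; it is a conceptual model, not SimpleIdServer's own code. The rule tuple format, the `UserProperty` and `UserAttribute` mapper type names, the `LocalAccount` class and the store keyed by provider and identifier are all assumptions; only the two source claim names come from the Negotiate mapper tables above.

```python
from dataclasses import dataclass, field

# Source claim names taken from the two Negotiate mapper tables on this page.
NAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
PRIMARY_SID = "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"

# Hypothetical rule format: (mapper type, source claim name, target name).
WINDOWS_RULES = [("Subject", NAME, None), ("Identifier", PRIMARY_SID, None)]

class ProvisioningError(Exception):
    """Raised when the incoming claims cannot produce a usable local account."""

@dataclass
class LocalAccount:
    subject: str = ""
    external_id: str = ""
    properties: dict = field(default_factory=dict)  # static claims, e.g. Email
    attributes: dict = field(default_factory=dict)  # dynamic claims, e.g. DateOfBirth

def apply_rules(rules, claims):
    """Turn incoming (claim type, value) pairs into a LocalAccount."""
    account = LocalAccount()
    for mapper_type, source, target in rules:
        values = [v.strip() for t, v in claims if t == source and v.strip()]
        if mapper_type in ("Subject", "Identifier"):
            # Refuse to guess: an absent or repeated identity claim is an error.
            if len(values) != 1:
                raise ProvisioningError(f"{mapper_type}: expected one {source} claim")
            if mapper_type == "Subject":
                account.subject = values[0]
            else:
                account.external_id = values[0]
        elif mapper_type == "UserProperty" and values:
            account.properties[target] = values[0]
        elif mapper_type == "UserAttribute" and values:
            account.attributes[target] = values
    if not account.subject or not account.external_id:
        raise ProvisioningError("rules must yield both a subject and an identifier")
    return account

def provision(store, provider, rules, claims):
    """Create the account on first login; later logins reuse it via the identifier."""
    account = apply_rules(rules, claims)
    return store.setdefault((provider, account.external_id), account)

# Constructed sample claims, as a Windows logon might present them.
SAMPLE_CLAIMS = [(NAME, "CONTOSO\\alice"),
                 (PRIMARY_SID, "S-1-5-21-1111111111-2222222222-3333333333-1104")]
```

In this model the account is looked up by the stable identifier rather than the display name, so a renamed user maps back to the same local account instead of provisioning a second one.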