Settling a « Circle of Trust »
A circle of trust is a set of services which trust the same entity to guarantee users identities : the identity provider. This IdP relies on one or several database(s) (LDAP, SQL,...) containing users informations.
We are able to install a multiprotocol identity provider, which will use your database(s) (only one or several of different kinds) to make your services relying on it for users authentication : the Circle of Trust is created, users only have to authentify once for all the services.
The Identity provider we install and configure is based on Lasso and called. It supports several unique authentication protocols (SAML 2.0, Shibboleth, ID-FF 1.2, OpenID, Kerberos, et CAS) and multiple standard authentication mechanisms: classic and unique use passwords (OATH and google-authenticator), by certificates (via SSL/TLS) and via a tiers SAML 2.0/OpenID unique authentication server (Authentic 2 can thus work as a SAML 2.0/OpenID from/to SAML 2.0/OpenID proxy).
We offer to the public an open identity provider « in the cloud » called. Everyone can sign up for a free account. Identity Hub allows to benefit from a SAML 2.0 or OpenID identity provider. The site has no advertisement.
Integrate an application into a « Circle of Trust »
To add the support of an identity federation protocol to your applications and integrate them in a Circle of Trust, we use two different methods :
- Implement the protocol directly into the application thanks to our C library, or Django Authsaml 2 provided with
- Setting up an authentifying reverse-proxy which works as a translator between the application and the identity provider thanks to , an apache module or , our SAML 2.0, OpenID and CAS reverse proxy . This solution is less complete than the previous one but necessary when you don't want to/can't modify the application code.
Counselling, support, information system urbanization
We provide a complete set of services (Counselling, hosting, installation, deployment, training) andaround our applications, to offer any additional feature.
We also offer a first class, through yearly contracts or through a tickets system, to guarantee the exploitation without any unavailability.