
This APPNAME installation and OURNAME AAI proxy integration guide complements the end-user oriented guide on OURNAME AAI Proxy Installation (it will be moved elsewhere, e.g. a README, once it is completed). All information that is common to the integration of various SPs with the OURNAME AAI proxy belongs in the OURNAME AAI Proxy Installation Document/README Outline, followed by a set of app/SP-specific guides based on the "APPNAME usage with OURNAME AAI Proxy" template. They should not overlap.

This text details the process of configuring the APPNAME application to function with the OURNAME AAI proxy. It

The document aims to assist service providers in setting up APPNAME and integrating it with an instance of the OURNAME AAI proxy, which acts as the identity provider towards APPNAME using the SAML (or OIDC) support provided by APPNAME. The integration streamlines APPNAME setup and maintenance by leveraging the BRANDNAME OURNAME AAI proxy to hide the upstream IdP(s) from the application and potentially centralise management for multiple applications.

...

find . -type f -name "*.md" -exec sed -i 's/%OIDC_ISSUER%/https:\/\/oidc.muni.cz\/oidc\//g' {} +

----

OURNAME AAI Proxy Installation Document/README

This should be a separate document, possibly the proxy's README. You can base it on https://wiki.geant.org/pages/viewpage.action?pageId=725614690#SoftwarelicenceselectionandmanagementinG%C3%89ANT-READMEFile, following this structure:

  • Purpose or intent, which authors may sometimes omit as it may appear self-evident to them.
  • Scope, supported settings, requirements or constraints of the application which may not be apparent to a reader encountering the project on the intranet.
  • Installation and configuration.
  • Usage.
  • Roadmap and known issues.
  • Community contributions.
  • Acknowledgments, dependencies and used tools.
  • Software licence and licences of differently licensed components.

Keep technical documentation in a separate .md file.

Below are a few related scraps that could be of help:

About AAI Proxy

Overview of the AAI Proxy (SAML/OIDC-based) and what it serves for.

Features

The offered proxy supports (some ideas about what could be mentioned – check, I do not know where this is from!!!):

  • SAML2
    • HTTP-Redirect binding
    • HTTP-POST binding
    • Signed responses
    • Public URL with metadata in XML
  • OIDC
    • Well-known endpoint
    • Authorization endpoint
    • Public URL with keys in JWKS
    • Token endpoint
      • Optional basic authentication using client secret
    • Userinfo endpoint
    • Proof Key for Code Exchange (PKCE) - S256
    • Standard scopes and corresponding claims (openid, email, profile)
    • Refresh tokens
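As an added example (not code from the guide or the proxy project), the following script checks an OIDC discovery document against the feature list above and derives a PKCE S256 code_challenge the way an RP would. The discovery document is constructed sample input and the host in it is a placeholder, not the real proxy address.

```python
"""Added example (not the guide's own code): check an OIDC discovery document from the
OURNAME AAI proxy against the feature list above and derive a PKCE S256 code_challenge."""
import base64
import hashlib
import json

# Constructed sample of GET <issuer>/.well-known/openid-configuration; the host is a placeholder.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://proxy.example.org",
    "authorization_endpoint": "https://proxy.example.org/authorize",
    "token_endpoint": "https://proxy.example.org/token",
    "userinfo_endpoint": "https://proxy.example.org/userinfo",
    "jwks_uri": "https://proxy.example.org/jwks",
    "scopes_supported": ["openid", "email", "profile"],
    "grant_types_supported": ["authorization_code"],
    "code_challenge_methods_supported": ["plain"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic"],
})

REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")


def check_discovery(raw):
    """Return a list of findings; an empty list means every feature listed above is advertised."""
    doc = json.loads(raw)
    findings = []
    for key in REQUIRED_ENDPOINTS:
        url = doc.get(key)
        if not url:
            findings.append(f"missing {key}")
        elif not url.startswith("https://"):
            findings.append(f"{key} is not https")
    for scope in ("openid", "email", "profile"):
        if scope not in doc.get("scopes_supported", []):
            findings.append(f"scope {scope} not advertised")
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        findings.append("PKCE S256 not advertised")
    if "refresh_token" not in doc.get("grant_types_supported", []):
        findings.append("refresh_token grant not advertised")
    if "client_secret_basic" not in doc.get("token_endpoint_auth_methods_supported", []):
        findings.append("client_secret_basic not advertised at token endpoint")
    return findings


def pkce_s256_challenge(code_verifier):
    """RFC 7636 S256: BASE64URL(SHA256(ASCII(code_verifier))) with padding removed."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


if __name__ == "__main__":
    print(check_discovery(SAMPLE_DISCOVERY), pkce_s256_challenge("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"))
```

Running it against the real proxy means replacing SAMPLE_DISCOVERY with the body fetched from the proxy's well-known endpoint; the sample deliberately omits S256 and refresh tokens so that both findings show up.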

Setup

Where it is available.

How to install it.

Configuration.

Connecting it to IdP(s).

Capturing the SAML or OIDC configuration parameters to hand over to the SPs or RPs.

Registration of SPs or RPs with the proxy.

How to check if it works (could be a separate section).

How to check whether an SP or RP is registered (without using it).

Contributions

Background Info

Implementation notes, descriptions and documentation

Further reading

...