{"id":13620,"date":"2023-10-10T08:11:13","date_gmt":"2023-10-10T13:11:13","guid":{"rendered":"https:\/\/docs.iotconnect.io\/partnerprogram\/?page_id=13620"},"modified":"2023-10-19T08:22:03","modified_gmt":"2023-10-19T13:22:03","slug":"ids-integration","status":"publish","type":"page","link":"https:\/\/docs.iotconnect.io\/partnerprogram\/resources\/ids-integration\/","title":{"rendered":"IDS integration"},"content":{"rendered":"

Overview<\/h2>\n

Typically, each application layer (front-end, middle-tier and back-end) resource must be protected by implementing authentication and\/or authorization \u2013 often against the same user store. Outsourcing these fundamental security functions to a security token service prevents duplicating this functionality across all applications and endpoints.<\/p>\n

Restructuring the application to support a security token service leads to the following architecture and protocols:<\/p>\n

\"\"<\/p>\n

Authentication<\/h3>\n

Authentication is needed when an application needs to verify the identity of the current user. Usually, applications manage user data and makes sure that the user data is accessible to an authenticated user only. The most common examples are (classic) web applications \u2013 but native and JS-based applications also have a need for authentication.<\/p>\n

The most used authentication protocols are SAML2p, WS-Federation and OpenID Connect \u2013 SAML2p being the most popular and the most widely deployed.<\/p>\n

OpenID Connect is the newest of the three but it is getting wide popularity since it has the potential to cater modern application needs. It was built for mobile application scenarios right from the start and is designed to be API friendly.<\/p>\n

How Identity Server can help in \/IOTCONNECT\u2122<\/h3>\n

Identity Server (IDS) is the middleware that adds the spec compliant OpenID Connect and OAuth 2.0 endpoints to an arbitrary application.<\/p>\n

Typically, you build (or re-use) an application that contains a login and logout page (and maybe consent – depending on your needs), and the Identity Server middleware adds the necessary protocol heads to it so the client applications can talk to it using those standard protocols.<\/p>\n

Below is the architecture diagram that explains how default\/external Identity provider(s) (IDP) redirects to \/IOTCONNECT\u2122 or external IDP login system using \/IOTCONNECT\u2122 Identity Server.<\/p>\n

\"\"<\/p>\n

The \/IOTCONNECT\u2122 platform supports authentication with default IDP as well as external IDP. Once the company user initiates login from the \/IOTCONNECT\u2122 portal, it first redirects to the Identity server (login.iotconnect.io) and verify initial company configuration(s). Finally, the System redirects the user to the \/IOTCONNECT\u2122 default login page or external IDP login page based on company configuration.<\/p>\n

User Info Stored In IDS<\/h3>\n

\/IOTCONNECT\u2122 IDS stores below-mentioned user information in the data store for both default and external IDP.<\/p>\n