With the Web Authentication method, Advanced Authentication lets you authenticate with different Identity Providers by using OAuth 2.0, OpenID Connect, or SAML 2.0. The Web Authentication method uses browser-based and HTTP-based authentication protocols and can be used in web environments or hybrid applications.
Before you configure the Web Authentication method, ensure that you set the correct Public external URLs (load balancers) through which Advanced Authentication is made available to the users.
NOTE: Ensure that you use a valid certificate for the Advanced Authentication server. Users may face enrollment issues in the Internet Explorer and Microsoft Edge browsers if the certificate is not valid.
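One way to check the certificate behind a Public external URL before users enroll, shown as an added example that is not part of the product or its documentation. The function names, the 30-day warning threshold, and the host aaf.example.com are assumptions made for illustration, and the sample certificate is constructed.

```python
import socket
import ssl
import time
from urllib.parse import urlsplit

# Constructed sample in the shape ssl getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "aaf.example.com"), ("DNS", "*.auth.example.com")),
}

def fetch_peer_cert(public_url, timeout=5.0):
    # The default context verifies chain and host name against the system trust
    # store, so an untrusted, expired or mismatched certificate raises
    # ssl.SSLCertVerificationError during the handshake.
    parts = urlsplit(public_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("public external URL must be an https:// URL")
    ctx = ssl.create_default_context()
    with socket.create_connection((parts.hostname, parts.port or 443), timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=parts.hostname) as tls:
            return tls.getpeercert()

def _matches(pattern, host):
    # A wildcard is honoured only as the whole left-most label.
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def cert_findings(cert, hostname, now=None, warn_days=30):
    # Returns a list of problems for a getpeercert()-style dict; empty means OK.
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    findings = []
    if now < not_before:
        findings.append("not yet valid")
    if now > not_after:
        findings.append("expired")
    elif not_after - now < warn_days * 86400:
        findings.append(f"expires in {int((not_after - now) // 86400)} days")
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_matches(n, hostname.lower()) for n in names):
        findings.append(f"no DNS subjectAltName matches {hostname}")
    return findings

if __name__ == "__main__":
    print(cert_findings(SAMPLE_CERT, "aaf.example.com", now=1717200000))
```

Against a live server, pass the result of fetch_peer_cert() for the Public external URL to cert_findings(); the system trust store used here can differ from the one a given browser uses.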
To configure the Web Authentication method for Advanced Authentication, perform the following steps:
Click Methods > Web Authentication.
Click Add in Identity providers.
Select the Authentication type.
Click the arrow icon.
The Web Authentication method supports the following authentication types:
OAuth 2.0: Advanced Authentication applies RFC 6749 for OAuth 2.0 authentication. For more information, see https://github.com/OpenIDC/pyoidc.
OpenID Connect: Advanced Authentication uses the OpenID Connect Core 1.0 specification. For more information, see https://openid.net/specs/openid-connect-core-1_0.html.
SAML 2.0: Advanced Authentication implements SAML 2.0 on top of xmlsec and python-saml. For more information, see https://github.com/mehcode/python-saml. This implementation of the SAML protocol does not completely comply with the SAML 2.0 standards but is compatible with Microsoft ADFS.
You can configure the Web Authentication method to use the following Identity Providers: