SAS PCE for SAML/OIDC Application
A standard application that follows either the Security Assertion Markup Language (SAML) protocol, OpenID Connect (OIDC) protocol, or both can be secured by integrating it with SafeNet Authentication Service Private Cloud Edition (SAS PCE).
This integration is achieved by using Keycloak as an Identity Provider (IdP), which allows configuring an application (client) using either SAML or OIDC protocol depending upon the application's compatibility with them. In this integration, SAS PCE provides multi-factor authentication in the context of authentication requests received by the Keycloak IdP from SAML or OIDC applications. Keycloak also provides SSO capabilities.
This documentation enables you to integrate any standard application with SAS PCE for authentication.
In a SAML application integration, no return attributes can be passed, and in an OIDC application integration, no claims can be passed when using the Keycloak IdP.
The integration comprises the following components:
- STA Hybrid Access Management Service Pack: Consists of Keycloak and the SafeNet Keycloak Agent. Here, Keycloak acts as the identity provider (IdP).
- SAS PCE: Provides multi-factor authentication (MFA) to a standard application.
- A standard application: An application that follows modern authentication protocols such as SAML, OIDC, or both.
Supported Use Cases
This integration supports the service provider (SP)-initiated flow for SAML and OIDC applications.
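To make the SP-initiated flow concrete, the following added example (not part of the product documentation and not Thales or Keycloak code) builds the two kinds of request an SP application sends to a Keycloak realm to start authentication: an OIDC authorization-code request with PKCE, state and nonce, and a SAML 2.0 AuthnRequest encoded for the HTTP-Redirect binding. The Keycloak base URL and realm name are placeholders; the endpoint paths follow Keycloak's `/realms/<realm>/protocol/openid-connect/auth` and `/realms/<realm>/protocol/saml` layout (older Keycloak releases prefixed these with `/auth`). The `decode_saml_redirect` helper reverses the encoding so the request can be inspected the way the IdP would see it.

```python
"""SP-initiated authentication requests toward a Keycloak realm (OIDC and SAML)."""
import base64
import hashlib
import secrets
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

# Placeholder IdP location (assumed values, not taken from the product documentation).
KEYCLOAK_BASE = "https://keycloak.example.com"
REALM = "demo"

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge for a PKCE code_verifier (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def oidc_authorization_url(client_id, redirect_uri, state, nonce, code_verifier):
    """OIDC SP-initiated flow: the URL the SP redirects the browser to.

    state binds the callback to this browser session, nonce binds the ID token
    to this request, and PKCE binds the returned code to this client instance.
    """
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    endpoint = f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/auth"
    return endpoint + "?" + urllib.parse.urlencode(params)


def saml_authn_request(sp_entity_id, acs_url, request_id, issue_instant):
    """SAML SP-initiated flow: a minimal AuthnRequest built with an XML API, not string concatenation."""
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,                       # must be an xsd:ID, so it starts with "_"
        "Version": "2.0",
        "IssueInstant": issue_instant,          # UTC timestamp, e.g. 2024-01-01T12:00:00Z
        "Destination": f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/saml",
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = sp_entity_id
    return ET.tostring(root, encoding="unicode")


def saml_redirect_url(authn_request_xml, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode into the query string."""
    compressor = zlib.compressobj(wbits=-15)   # -15 = raw DEFLATE, no zlib header
    deflated = compressor.compress(authn_request_xml.encode("utf-8")) + compressor.flush()
    params = {
        "SAMLRequest": base64.b64encode(deflated).decode("ascii"),
        "RelayState": relay_state,
    }
    return f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/saml?" + urllib.parse.urlencode(params)


def decode_saml_redirect(url):
    """Reverse of saml_redirect_url, i.e. what the IdP does on receipt; returns the parsed root element."""
    query = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    raw = zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15)
    return ET.fromstring(raw)


def state_matches(expected: str, returned: str) -> bool:
    """Constant-time comparison of the state echoed back on the callback."""
    return secrets.compare_digest(expected, returned)


if __name__ == "__main__":
    verifier = secrets.token_urlsafe(64)
    print(oidc_authorization_url("my-sp", "https://sp.example.com/cb",
                                 secrets.token_urlsafe(16), secrets.token_urlsafe(16), verifier))
    xml = saml_authn_request("https://sp.example.com/metadata", "https://sp.example.com/acs",
                             "_" + secrets.token_hex(16), "2024-01-01T12:00:00Z")
    print(saml_redirect_url(xml, "/"))
```

The SP must persist `state`, `nonce`, `code_verifier` (OIDC) or the request `ID` (SAML) in the user's session before redirecting, and reject any callback whose values do not match; in this integration those checks remain the application's responsibility, while Keycloak and SAS PCE handle the MFA step in between.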
Authentication Flow
The image below illustrates the authentication process, which ensures secure access to an application.
Integration - SAML/OIDC Service Provider applications with SAS PCE
Integrating a SAML/OIDC Service Provider (SP) application with SAS PCE requires configuring an IdP and an SP application. You need to complete specific prerequisites before starting the configuration for this integration.