The IDP system is a centralized authentication solution that creates, maintains and manages identity information and provides authentication services to service providers. It is also responsible for issuing identifiers to users who want to interact with a system.
The IDP system can take user information from different sources (SQL databases, RADIUS servers, Active Directory and LDAP, ...). An Identity Provider can be described as a service provider that stores identity profiles and makes them available to other SPs with the aim of federating user identities.
Centralized Authentication Features
Multiple Authentication Factors
The TrustSec Centralized Authentication Solution can easily be configured to integrate with servers such as an SMS server, an email server or a RADIUS OTP server, adding further authentication factors on top of the usual user name and password to raise the security level.
The authentication factors may be one of the following:
- (UID and PWD) with OTP
- (UID and PWD) with SMS
- (UID and PWD) with PKI
- (UID and PWD) with Email
All of the previous authentication factors enhance the security level and provide strong authentication.
TrustSec IDP (the Centralized Authentication Solution) can be integrated with service providers built on different platforms (Java, .NET and PHP) to provide centralized authentication. Integration is straightforward: the SP consumes the identity credentials or authentication factors provided by the IDP through assertion protocols such as:
- SAML 1.1, SAML 2.0
- OpenID, WS-FED, ADFS
- OATH, Liberty Alliance
SP integration involves passing identity attributes from the IDP to the target SP application.
The SP application uses these attributes to establish a valid session, or another security context, for the user they represent.
Registration of users of E-Code IDP can be verified through a third party, for example an email server that sends an activation link to the email address given in the user's information, which increases trust on both sides.
Registration can also be trusted via mobile operators: confirmation is done through an SMS sent to the mobile number registered in the user's submission form. All of these mechanisms establish trust in the identity of the user who will access the service provider.
The backend of E-Code IDP consists of several servers: authentication servers, database servers, a RADIUS OTP server, CA servers, an email server and an SMS server.
RADIUS OTP Server
This server can act as an authentication source and as the source of the users who want to access the SP. It holds registered users, each of whom has a set of OTPs; each OTP can be used only once and is not valid a second time. This module can be integrated easily with other external modules.
The database server can be an SQL database server that holds the registered users with their credentials (user name and password).
LDAP or Active Directory
These directories can hold all the users who want to access the service providers, and this module is very easy to integrate with other external components, which gives the solution more flexibility.
An email server is integrated with TrustSec IDP to enhance the security and trust level: it is used to send an activation link to the email address registered in the user's submission form, which raises the trust level for both sides.
From whatever angle you look at the Centralized Authentication solution, it is fully secured on both sides, the client side and the service provider side. The TrustSec Centralized Authentication system allows user information to be stored on one host, minimizing the risk of security loopholes.
Several factors contribute to this security. The first is the use of OTP authentication technology or of the PKI solution provided by the TrustSec smart token. The second is the strongly secured communication between the system entities.
The TrustSec Centralized Authentication solution can be used with services and applications. It also integrates easily with many platforms, e.g. Windows and Linux.
The Centralized Authentication System (TrustSec IDP) responds quickly to authentication requests received from application servers.
The TrustSec IDP system gives the system administrator the ability to track all authentication events and other operations handled by the system. This is done through log files and other features that display the authentication history in graphical diagrams.
The TrustSec IDP solution is highly available, since it provides an option to back up the system databases and directories easily, according to customer requirements.
Ease of use
By using the Centralized Authentication solution, the user has no need to register through multiple steps at each service provider: the user submits his information once to the Centralized Authentication solution (TrustSec IDP) and is then authenticated to the multiple service providers registered with the TrustSec Centralized Authentication system (TrustSec IDP).
Integration with different authentication sources, such as LDAP directories, a RADIUS OTP server or SMS, is also provided by the Centralized Authentication solution.
The strong authentication supplied by TrustSec IDP also gives the SPs more privacy: only a person who has registered his information through TrustSec IDP and presented his credentials can access the service provider. This ensures that no hackers gain access to these SPs and gives more security control over them, which ultimately provides privacy for both users and service providers.
TrustSec IDP complies with the standards: the backend OTP RADIUS server is OATH certified for both TOTP and HOTP tokens. The PKI authentication factors also follow the standards and use common security encryption techniques.
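Both the RADIUS OTP server description above (each OTP is valid only once) and the OATH certification note refer to the OATH one-time-password algorithms. The following is an added example, not TrustSec's or E-Code's own code, implementing OATH HOTP (RFC 4226) and TOTP (RFC 6238) together with a minimal server-side verifier that advances the user's counter on every success so that a replayed code is rejected and codes behind the current counter are dead. The secret value (the RFC 4226 test-vector secret), the lookahead window size and the function and class names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the 20-byte ASCII secret from the RFC 4226 test vectors.
# A real deployment provisions a random per-user secret and stores it server-side.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the Unix time divided by the time step."""
    return hotp(secret, at // step, digits)


class HotpVerifier:
    """Server-side state for one user's event-based (HOTP) token.

    `counter` is the next value the server expects; `lookahead` bounds how far
    ahead the token may have drifted (button presses that never reached the server).
    """

    def __init__(self, secret: bytes, lookahead: int = 5):
        self.secret = secret
        self.counter = 0
        self.lookahead = lookahead

    def verify(self, code: str) -> bool:
        # Only counters at or beyond the stored one are candidates: everything
        # below it has already been consumed, so a replayed code can never match.
        for c in range(self.counter, self.counter + self.lookahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # resync: burn every counter up to and including c
                return True
        return False


if __name__ == "__main__":
    v = HotpVerifier(DEMO_SECRET)
    first = hotp(DEMO_SECRET, 0)
    print("first code accepted:", v.verify(first))    # True
    print("same code replayed:", v.verify(first))     # False, counter already burned
    print("current TOTP:", totp(DEMO_SECRET, int(time.time())))
```

The lookahead loop is what makes the "not valid a second time" property hold in practice: a successful match moves the stored counter past the matched value, so both the code just used and any earlier skipped codes are rejected afterwards. `hmac.compare_digest` keeps the comparison constant-time, which is the usual practice for verifying authentication codes.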