Univention ID Broker architecture documentation

Contents:

• 1. Introduction
  • 1.1. About this document
  • 1.2. Big Picture - what is the Univention ID Broker?
  • 1.3. Use Cases
    • 1.3.1. Overview
    • 1.3.2. End user single sign-on
    • 1.3.3. End user comfort in SaaS offering
    • 1.3.4. Onboarding of new IDPs
    • 1.3.5. Onboarding of new Service Providers
    • 1.3.6. Operation if the ID Broker environment
    • 1.3.7. Univention as software vendor
  • 1.4. Requirements and demarcation
    • 1.4.1. Requirements
    • 1.4.2. Demarcation
  • 1.5. Stakeholder
• 2. High level architectural overview
  • 2.1. Participants
  • 2.2. Components
• 3. School authority components
  • 3.1. School authorities / schools
    • 3.1.1. Identity management
    • 3.1.2. Identity provider
    • 3.1.3. UCS@school ID Connector
• 4. ID Broker components
  • 4.1. Modules
    • 4.1.1. UCS / UCS@school core system
    • 4.1.2. Provisioning API
    • 4.1.3. Self-disclosure API
    • 4.1.4. Self-disclosure database builder
    • 4.1.5. SSO Broker
  • 4.2. Pseudonymization
    • 4.2.1. Management of Service Providers
    • 4.2.2. Form of the Pseudonyms
    • 4.2.3. Generation of pseudonyms
    • 4.2.4. Future evolutions of the pseudonymization
  • 4.3. Scaling
• 5. Interactions between components
  • 5.1. Authentication and user data retrieval
• 6. Appendix
  • 6.1. ID Broker architecture and flows
    • 6.1.1. Theory
    • 6.1.2. Requirements for the auth flow
    • 6.1.3. ID Broker Flow
    • 6.1.4. Alternatives
  • 6.2. Data model
    • 6.2.1. Mapping LDAP / UDM / UCS@school attributes
  • 6.3. manage-service-providers
• 7. Glossary
• 8. Indices and tables