The Identity Microservice’s Federated Identity Service matches the application scope to the defined view and returns requested attributes The Web Application sends the access token to the Identity Microservice’s UserInfo endpoint The Authorization Server returns an access token and ID token
Federated access and identity with ca sso and radiant one code#
The Web Application sends the authorization code to the Authorization Server with its client secret User authenticates and authorizes requestĪuthorization Server redirects user back to the Web Application with an authorization code The Web Application redirects user to the Identity Microservice’s Authorization Server with a client ID and application scope The following diagram breaks down the user-driven Web Application flow: Would you trust a banking application that listed your identity as “User”? When logging into your banking application you not only need to securely identify you as the user, but also must authorize access to your accounts and personalize the site for your profile. Identity is at the core of nearly all web applications - everything from the initial authentication and authorization through to personalization with profile data. There are two main client flows supported by the microservice:Įach of these flows require a different means of interacting with the Identity Microservice. Today, the Identity Microservice’s components are based upon open standards and are both lightweight and highly leveraged by web applications and servers. The Federated Identity Service provides a centralized hub for obtaining application-specific profile data from directories, applications, databases and other microservicesĪdditionally, the Federated Identity Service needs to be able to aggregate and correlate profile data and leverage a real-time cache to ensure that access to profile data performs quickly and within the required application service levels The UserInfo Endpoint handles the requests for identity data and returns the requested profile information (claims) The oAuth Authorization Server provides secure access to the Identity Microservices
The server and web application clients of the Identity MicroserviceĮach of these layers performs a crucial role in securing access to identity data and also allows the microservice to obtain identity data from the required repositories. The Identity Microservice at its core is made up of four layers:įederated Identity Service from applications like Radiant Logic’s FID
The following diagram breaks down the components of the Identity Microservice: The Identity Microservice must also allow for both user-driven and server-to-server access to identity data. The Identity Microservice must be able to not only respond to requests through a standard protocol for identity information, but must also have the means to reach out to these identity repositories in an efficient and responsive manner. However, access to profile data presents a challenge since it is contained across multiple repositories, contained in other applications or even must be consumed from other microservices. Identity also enables other microservices for tasks like authorization applications like Axiomatics, single sign-on, identity management and compliance. When designing applications, identity becomes a key factor to building out a personalized user experience. This improves modularity and enables flexibility during the development phase of the application, making the application easier to understand.
The services are fine-grained and lightweight. Microservices allow applications to be created using a collection of loosely coupled services.