Provides the capability to delegate logins to an OIDC or SAML provider for authentication purposes

Zebra provides out-of-the-box support for OIDC (OpenID Connect) and SAML (Security Assertion Markup Language) protocols, making it highly adaptable for delegating authentication to a wide array of OIDC or SAML providers.

How Zebra Fulfils This Requirement:

  • Zebra as a Security Assertion Markup Language (SAML) and OpenID Connect (OIDC) Provider: At its core, Zebra can function as both a SAML and OIDC provider. This means it can issue security assertions (SAML) or tokens (OIDC) to relying parties (like your web application) upon successful user authentication.

  • Delegated Authentication: Zebra integrates with existing OIDC or SAML identity providers you might already have in place within your agency. This enables users to authenticate using their existing credentials from those providers. Zebra acts as a "trusted identity provider", mediating the authentication process and ensuring secure communication between the identity provider and your web application.

Functional Capabilities

  • Federation Support: Zebra can federate external identity providers, allowing users to authenticate using external OIDC or SAML providers. This capability simplifies user access by utilising existing credentials, thereby enhancing the user experience and security.

  • Configurable Identity Brokering: Zebra allows for easy configuration of identity brokering with OIDC and SAML providers. Administrators can set up and manage identity providers through Zebra's admin console, including configuring mappings for user attributes and broker login flows.

  • Single Sign-On (SSO) and Single Log-Out: With Zebra, users can sign in once and gain access to multiple applications that Zebra secures, without the need to authenticate separately for each application. Similarly, single log-out ensures users are logged out from all applications simultaneously.

Implementation Steps

  • Setting up External Identity Providers: Within Zebra, administrators can add external OIDC or SAML providers by specifying the provider details such as the client ID, secret, and the endpoints required for authentication and token exchange.

  • Attribute Mapping: Zebra allows for the mapping of user attributes from the external provider to Zebra's user attributes. This ensures that information from the external identity provider is correctly integrated into the Zebra user session.

  • Custom Authentication Flows: Administrators can define custom authentication flows in Zebra, determining how authentication requests are processed, including the use of external OIDC or SAML providers as part of these flows.

Xaana’s Differentiation - Best Practices

  • Secure Configuration: Xaana will ensure that the communication between Zebra and external OIDC/SAML providers is secured, using HTTPS endpoints and validating SSL certificates to prevent man-in-the-middle attacks.

  • Testing and Validation: Xaana will test the integration with external OIDC/SAML providers in a staging environment before deploying to production to ensure the authentication flows work as expected and provide a seamless user experience.
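The attribute-mapping step and the secure-configuration point above, as an added Python example (not Zebra's or Xaana's own code): it rejects provider endpoints that are not HTTPS, checks issuer, audience and expiry on ID-token claims whose signature is assumed to have been verified already, and applies a claim-to-attribute mapping to build the local user record. The provider alias, URLs, client ID and claim values are constructed for the example.

```python
"""Identity-broker checks for one external OIDC provider (added example)."""
import time
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample: the details an administrator would register for a provider.
PROVIDER = {
    "alias": "agency-idp",                        # hypothetical provider alias
    "issuer": "https://idp.example.gov",          # constructed
    "client_id": "zebra-broker",                  # constructed client ID
    "authorization_endpoint": "https://idp.example.gov/authorize",
    "token_endpoint": "https://idp.example.gov/token",
}

# Attribute mapping: claim name at the external provider -> local user attribute.
ATTRIBUTE_MAP = {"sub": "external_id", "email": "email", "given_name": "first_name"}


def check_provider_config(cfg: Dict[str, str]) -> List[str]:
    """Return configuration problems (empty list when acceptable).
    Every endpoint must be an https URL with a host, so plaintext HTTP
    endpoints can never be saved for a provider."""
    problems = []
    for key in ("issuer", "authorization_endpoint", "token_endpoint"):
        url = urlparse(cfg.get(key, ""))
        if url.scheme != "https" or not url.netloc:
            problems.append(f"{key} must be an https URL, got {cfg.get(key)!r}")
    return problems


def broker_login(claims: dict, cfg: Dict[str, str], now: Optional[float] = None) -> dict:
    """Validate signature-verified ID-token claims against the registered provider
    (issuer, audience, expiry) and map claims onto local attributes.
    Raises ValueError on any mismatch so a bad token never produces a session."""
    now = time.time() if now is None else now
    if claims.get("iss") != cfg["issuer"]:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if cfg["client_id"] not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this broker client")
    if float(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    user = {local: claims[ext] for ext, local in ATTRIBUTE_MAP.items() if ext in claims}
    if "external_id" not in user:
        raise ValueError("subject claim missing")
    user["identity_provider"] = cfg["alias"]   # record which provider vouched for the user
    return user
```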
