Federation Authentication Method
The Federation Authentication Method causes RapidIdentity Federation to act as a SAML Relying Party to another RapidIdentity Federation Identity Provider.
This authentication method currently only supports SAML authentication to another RapidIdentity Federation instance.
To configure the Federation Authentication method, it is necessary to establish a trust between the Local RapidIdentity Instance and the Remote RapidIdentity instance.
Follow these steps to configure the Federation Authentication method.
Obtain the local RapidIdentity instance metadata by entering the following into the browser location bar: https://<hostname>/idp/sp-metadata.xml.
Capture the metadata and save to a local text file.
Navigate to the remote RapidIdentity instance and register a new Service Provider using this metadata.
On the remote RapidIdentity Instance, it is necessary to release at least one attribute to uniquely identify the user in the local identity provider. For example, if the user's idautoID in the remote RapidIdentity instance matches the idautoID in the local RapidIdentity instance, then the idautoID attribute is sufficient. Otherwise, additional attributes must be released and verified to match in both instances to uniquely identify the authenticating user.
On the local RapidIdentity instance, issue an API call to POST/admin/trustedIdps with the following JSON:
{ "id": "string", "version": number, "name": "rapididentity", "config": { "host": "the remote IdP hostname", "port": 443, // not required. if blank, defaults to 443. "attributeMappings": [{ "remote": "string", // required, must be unique. attributes released by remote IdP "local": "string" // not required. if not included, assumes value of remote during evaluation }] } }On the local RapidIdentity Instance with an existing or new authentication policy, add the Federation method. Enable the method and select rapididentity from the Trusted Identity Provider drop-down box.
Save the authentication policy.