Integration interfaces

The Connect2id server offers a set of powerful interfaces for plugging in your enterprise data sources, branded UI/UX and business / authorisation logic. These can be:

  • Web interfaces -- For maximum flexibility, based on REST and JSON;
  • Java Service Provider Interfaces (SPI) -- For maximum performance with Java- based modules; may be implemented as connectors to a web service for additional flexibility.

To run your own OpenID Connect provider you only need to link a user authentication source and UI via the authorisation session web API. The remaining integration points are optional.

Interface Type Required Purpose
Authorisation session web yes Integrate your branded login page (UI), your subject (end-user) authentication methods and your business / authorisation logic for setting the claims and scopes of the issued ID and access tokens.
Direct authorisation web no Create SSO sessions and obtain ID / access tokens directly, without any end-user interaction. Can be used to federate external identity providers, such as business partners and social logins from Facebook, Twitter, etc.
Authorisation store web no Query, update and revoke issued OAuth 2.0 / OpenID Connect authorisations as well as the associated access and refresh tokens.
Subject session store web no Query, access and manage the SSO sessions of subjects (end-users) with the Connect2id server.
Monitoring web no Obtain server usage and performance metrics, run health-checks.
Claims source SPI yes Integrate OpenID Connect claims sources, such as LDAP directories, SQL databases and HR management systems.
Password grant handler SPI no Plug in your own authorisation logic for handling OAuth 2.0 resource owner password credentials grants.
Client credentials grant handler SPI no Plug in your own authorisation logic for handling client OAuth 2.0 credentials grants.
JWT bearer assertion grant handler SPI no Plug in your own authorisation logic for handling client-issued and third-party issued (token service) JWT bearer assertion grants.
SAML 2.0 bearer assertion grant handler SPI no Plug in your own authorisation logic for handling client-issued and third-party issued (token service) SAML 2.0 bearer assertion grants.