The Connect2id server offers a set of powerful interfaces for plugging in your enterprise data sources, branded UI/UX and business / authorisation logic. These can be:
- Web interfaces — For maximum flexibility, based on REST and JSON;
- Java Service Provider Interfaces (SPI) — For maximum performance with Java-based modules; may be implemented as connectors to a web service for additional flexibility.
To run your own OpenID Connect provider you only need to link a user authentication source and UI via the authorisation session web API. The remaining integration points are optional.

| Integration point | Interface | Status | Description |
|---|---|---|---|
| Authorisation session | web | required | Integrate your branded login page (UI), your subject (end-user) authentication methods and your business / authorisation logic for setting the claims and scopes of the issued ID and access tokens. |
| Logout session | web | optional | Integrate a logout page (UI) for receiving end-session requests from OpenID clients and other applications. |
| Direct authorisation | web | optional | Create SSO sessions and obtain ID / access tokens directly, without any end-user interaction. Can be used to federate external identity providers, such as business partners and social logins from Facebook, Twitter, etc. |
| Authorisation store | web | optional | Query, update and revoke issued OAuth 2.0 / OpenID Connect authorisations as well as the associated access and refresh tokens. |
| Subject session store | web | optional | Query, access and manage the SSO sessions of subjects (end-users) with the Connect2id server. |
| Monitoring | web | optional | Obtain server usage and performance metrics, run health-checks. |
| Claims source | SPI | required | Integrate OpenID Connect claims sources, such as LDAP directories, SQL databases and HR management systems. |
| Password grant handler | SPI | optional | Plug in your own authorisation logic for handling OAuth 2.0 resource owner password credentials grants. |
| Client credentials grant handler | SPI | optional | Plug in your own authorisation logic for handling OAuth 2.0 client credentials grants. |
| JWT bearer assertion grant handler | SPI | optional | Plug in your own authorisation logic for handling client-issued and third-party issued (token service) JWT bearer assertion grants. |
| SAML 2.0 bearer assertion grant handler | SPI | optional | Plug in your own authorisation logic for handling client-issued and third-party issued (token service) SAML 2.0 bearer assertion grants. |