The SP IdP Proxy Concept
The SP-IdP Proxy, based on Unity, has first-class support for the OIDC and SAML protocols. It can connect SAML Identity Providers, OIDC Providers, SAML Service Providers and OIDC Resource Providers, thus enabling teams to use their preferred identity sources and services regardless of the authentication protocol.
The Proxy is responsible for aggregating the user attributes from various identity sources, enforcing community- and platform-wide policies, and providing one persistent user identifier and a harmonised set of attributes to the connected services. The Discovery Service provides a web interface for users to search and select their preferred identity provider.
The Discovery Service is integrated with the Proxy and enables it to operate with all supported identity providers in the same way. For this, it aggregates the metadata of all the SAML Identity and Service Providers that are connected to the platform. It does so by aggregating the metadata feed of eduGAIN, while also allowing the platform administrators to configure other local or remote metadata sources. The MDS is an essential component of the platform directly connected to the Proxy.
(This text is an excerpt of the Life Science AAI description)
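The metadata aggregation described above, as an added example (not code from the Proxy, Unity or the Life Science AAI): it merges two constructed SAML metadata aggregates into the identity provider list a discovery page would search. The source names, the local-first precedence rule and the function names `aggregate` and `search` are assumptions of this example, and each feed's signature is assumed to have been verified before parsing.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
MDUI = "urn:oasis:names:tc:SAML:metadata:ui"
NS = {"md": MD, "mdui": MDUI}
PROTO = 'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"'
HEAD = f'<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:mdui="{MDUI}">'

# Constructed sample aggregates (not real federation metadata).
EDUGAIN = HEAD + f"""
  <md:EntityDescriptor entityID="https://idp.uni-a.example/idp">
    <md:IDPSSODescriptor {PROTO}><md:Extensions><mdui:UIInfo>
      <mdui:DisplayName xml:lang="en">University A</mdui:DisplayName>
    </mdui:UIInfo></md:Extensions></md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.uni-a.example/sp">
    <md:SPSSODescriptor {PROTO}/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""
LOCAL = HEAD + f"""
  <md:EntityDescriptor entityID="https://idp.uni-a.example/idp">
    <md:IDPSSODescriptor {PROTO}><md:Extensions><mdui:UIInfo>
      <mdui:DisplayName xml:lang="en">University A (local entry)</mdui:DisplayName>
    </mdui:UIInfo></md:Extensions></md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.lab-b.example/idp">
    <md:IDPSSODescriptor {PROTO}/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def aggregate(sources):
    """Merge (name, xml) sources in order; the first source listing an entityID wins."""
    idps, sps = {}, set()
    for source, xml_text in sources:
        # Assumption: the feed's XML signature was verified before this point.
        for ent in ET.fromstring(xml_text).iter(f"{{{MD}}}EntityDescriptor"):
            eid = ent.get("entityID")
            if ent.find("md:SPSSODescriptor", NS) is not None:
                sps.add(eid)
            if ent.find("md:IDPSSODescriptor", NS) is not None and eid not in idps:
                name = ent.findtext(".//mdui:DisplayName", namespaces=NS)
                idps[eid] = {"name": name or eid, "source": source}
    return idps, sps

def search(idps, term):
    """Case-insensitive match on display name or entityID, as a discovery page would."""
    t = term.lower()
    return sorted(e for e, v in idps.items() if t in v["name"].lower() or t in e.lower())

IDPS, SPS = aggregate([("local", LOCAL), ("edugain", EDUGAIN)])
```

Because sources are merged in order, the entity that appears in both feeds keeps its locally configured entry, and service providers never appear in the discovery list.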