...

Authentication technologies are the software and libraries that allow users to authenticate and, if allowed by the identity provider and requested by the service provider, provide the identity information to another service.

 

| | | LCMAPS | Kerberos | Moonshot | simpleSAMLphp | UNITY |
|---|---|---|---|---|---|---|
| Authentication workflow | Password, RemoteUser, RemoteUserInternal, X509, X509Internal, SPNEGO/Kerberos, IPAddress, External | X.509 proxy certificate | Username/password, OTP, Kerberos ticket | Username/password (any RADIUS EAP-supported mechanism) | Username/password from user repository (SQL/LDAP/RADIUS), X509 authentication through userCertificate, LDAP, social media | Username/Password, Client Certificate, LDAP, Social Media |
| Supported standards | SAML 1.1/2.0, X509, Kerberos, LDAP, SQL | X.509 (RFC5280 and RFC3820), VOMS | RFC 4121, RFC 4120 | RFC3748, RFC5247, RFC7055 | SAML 1.1/2.0, X509, OpenID, OAuth 2.0, Kerberos, VOOT, SQL, LDAP, RADIUS | SAML 1.1/2.0, X.509, OIDC, LDAP |
| HA deployment | Yes | Deployed in the service | Yes | RADIUS service can be run in HA environments | Yes, through multiple memcached service instances | Yes, relying on database layer |
| Licence | Open Source | Open Source | Open Source | Open Source | Open Source | Open Source |
| Expected support level | Supported by the Shibboleth consortium | Supported by NIKHEF | Supported by Linux distributions | Supported by Jisc | Collaborative support, large user communities | Supported by ICM, JSC, funded by PLGrid |


Authorisation

Services can implement authorisation policies either locally or based on external information. For distributed infrastructures in particular, it is common for services to use an external policy engine to take authorisation decisions. The purpose of this configuration is to support centralised management of authorisation policies for security reasons, as well as to simplify configuration at the service level.

...