Table of Contents |
---|
This APPNAME installation and OURNAME AAI proxy integration guide complements the end-user oriented guide on OURNAME AAI Proxy Installation (it will be moved elsewhere, e.g. a README, once it is completed). All information that is common to integration of various OURNAME AAI proxy has been OURNAME AAI Proxy Installation Document/README Outline followed by as set of app/SP-specific guides based on the APPNAME usage with OURNAME AAI Proxy template. They should not overlap.
This text details the process of configuring the APPNAME application to function with the OURNAME AAI proxy. It
The document aims to assist service providers in setting up APPNAME and integrating it with an instance of OURNAME AAI proxy, which acts as an identity provider using SAML <or OIDC> (or OIDC) support provided by APPNAME. The integration streamlines APPNAME setup and maintenance by leveraging the BRANDNAME OURNAME AAI proxy to conceal IDP(s) and potentially centralise management for multiple applications.
...
Location of this guide (best to keep in the same repository as OURNAME AAI Proxy but in a separate folder) Provide information on how to contribute to this guide and the licensing of contributions. How to contribute with similar guides for other applications and services.
Background
...
Info
Possibly remove thus in in the final template and services/apps docs
...
find . -type f -name "*.md" -exec sed -i 's/%OIDC_ISSUER%/https:\/\/oidc.muni.cz\/oidc\//g' {} +
----
OURNAME AAI Proxy Installation Document/README
This should be a separate doc, possibly the proxy's README. You can base it on https://wiki.geant.org/pages/viewpage.action?pageId=725614690#SoftwarelicenceselectionandmanagementinG%C3%89ANT-READMEFile, following this structure:
- Purpose or intent, which authors may sometimes omit as it may appear self-evident to them.
- Scope, supported settings, requirements or constraints of the application which may not be apparent to a reader encountering the project on the intranet.
- Installation and configuration.
- Usage.
- Roadmap and known issues.
- Community contributions.
- Acknowledgments, dependencies and used tools.
- Software licence and licences of differently licensed components.
Keep technical documentation in a separate .md file.
Below are a few related scraps that could be of help:
About AAI Proxy
Overview of AAI Proxy (SAML/OIDC-based) What it serves for.
Features
The offered proxy supports (some ideas about what could be mentioned – check, I do not know where this is from!!!):
- SAML2
- HTTP-Redirect binding
- HTTP-POST binding
- Signed responses
- Public URL with metadata in XML
- OIDC
- Well-known endpoint
- Authorization endpoint
- Public URL with keys in JWKS
- Token endpoint
- Optional basic authentication using client secret
- Userinfo endpoint
- Proof Key for Code Exchange (PKCE) - S256
- Standard scopes and corresponding claims (OpenID, email, profile)
- Refresh tokens
Setup
Where is available.
How to install it.
Configuration.
Connecting it to IdP(s).
Capturing SAML or OIDC configuration parameters for providing to the SPs or RPs.
Registration of SPs or RPs with the proxy.
How to check if it works (could be a separate section).
How to check if the SPs or RPs is registered (without using it).
...
Contributions
Background info
Implementation notes, descriptions and documentation
Further reading
...