In this demo, OpenAM instances are configured to simulate one Service Provider (SP) that depends on multiple Identity Providers (IDPs) for federation.
The user selects an Identity Provider from a list published by the Service Provider and is redirected to the selected IDP for authentication, followed by federation at the Service Provider. Because the accounts are federated, login between the IDP and the SP is seamless. A secure page is then displayed with the user's profile(s) at both the IDP and the SP. In this demonstration, the user's email address attribute is used to auto-federate.
The following diagram depicts:
- A Service Provider federating with multiple Identity Providers.
- User auto-federation based on a mapped attribute (e-mail address).
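The SP-side decision behind auto-federation on a mapped attribute can be modelled as follows. This is an added example, not OpenAM code or configuration: the IDP entity IDs, the SP user store and the `auto_federate` function are constructed, and refusing to link on a missing, multi-valued or ambiguous e-mail value is an assumption of this sketch.

```python
# Added illustration of SP-side auto-federation on the "mail" attribute.
# Not OpenAM code; every name and value below is constructed.

# IDPs the SP publishes in its selection list (hypothetical entity IDs).
TRUSTED_IDPS = {"https://idp1.example.com", "https://idp2.example.com"}

# Constructed SP user store: uid -> profile.
SP_USERS = {
    "alice": {"mail": "alice@example.com"},
    "bob": {"mail": "bob@example.com"},
    "bob2": {"mail": "bob@example.com"},  # duplicate mail makes the match ambiguous
}


def auto_federate(issuer, attributes, links):
    """Link an IDP identity to an SP account by e-mail.

    issuer     -- entity ID of the IDP that issued the assertion
    attributes -- asserted attributes, name -> list of values
    links      -- dict uid -> set of IDPs already federated (updated in place)
    Returns (uid, reason); uid is None when no link is created.
    """
    if issuer not in TRUSTED_IDPS:
        return None, "issuer not in SP's IDP list"
    values = attributes.get("mail", [])
    if len(values) != 1:
        return None, "mail attribute missing or multi-valued"
    mail = values[0].strip().lower()
    matches = [uid for uid, p in SP_USERS.items() if p["mail"].lower() == mail]
    if len(matches) != 1:
        return None, "no unique SP account for mail"
    uid = matches[0]
    links.setdefault(uid, set()).add(issuer)  # one SP account, many IDPs
    return uid, "federated"


if __name__ == "__main__":
    links = {}
    samples = [  # constructed assertions: (issuer, attributes)
        ("https://idp1.example.com", {"mail": ["Alice@Example.com"]}),
        ("https://idp2.example.com", {"mail": ["alice@example.com"]}),
        ("https://idp1.example.com", {"mail": ["bob@example.com"]}),
        ("https://rogue.example.net", {"mail": ["alice@example.com"]}),
        ("https://idp1.example.com", {}),
    ]
    for issuer, attrs in samples:
        print(issuer, attrs, "->", auto_federate(issuer, attrs, links))
    print("links:", links)
```

The `links` map ends with the single SP account `alice` federated to both IDPs, which is the multi-IDP case the demo describes.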