I cannot understand the difference between the service provider's Inbound Authentication Configuration and the identity provider's Federated Authenticator Configuration.
- I added a new service provider and configured the SAML Inbound Authentication Configuration.
- I added a new user using the dashboard.
- I deployed a web application (travelocity) on Tomcat as the service provider, which requests SAML authentication from the IS server.
- When I click travelocity's SAML login link, it forwards to the IS server's login page.
- I enter the user/password, and the login is successful.
In this process, I didn't configure an identity provider, but authentication works. But I found some similar configuration in the identity provider's Federated Authenticator Configuration (SAML). I can't understand why the Federated Authenticator Configuration is required.
My understanding is as follows.
When user information (ID, password, etc.) is stored in the IS server and the authentication process is handled in the IS server, the Inbound Authentication Configuration of the SP (service provider) is enough. There is no need to configure an IDP (identity provider). Is that right?
When user information (ID, password, etc.) is stored in another IS server or another company's server (Google, Facebook) and the authentication process is also handled in another IS server or another company's server (Google, Facebook), the Federated Authenticator Configuration of the IDP (identity provider) is enough. There is no need to configure an SP (service provider). Is that right?
In this case, configuring an identity provider is not required. When I just use an Inbound Authentication Configuration (SAML), it processes the request in this instance. And when I configure a Federated Authenticator Configuration (SAML), it forwards the request to the other instance. Is that right?
I want to know whether my idea is right or not.
Please give me some examples of the following cases.
- a case that requires just a service provider
- a case that requires just an identity provider
- a case that requires both a service provider and an identity provider