Plugin endpoint listing.

1. SAML 2.0 SignOn plug-in : Plugin provides SAML 2.0 support to the Identity Provider.

   • SAML 2.0 SignOn endpoint : https://t-seb.dkseb.dk/runtime/saml2auth/signon.idp

     This endpoint provides a place where SAML 2.0 authnRequest is sent to an IdP.

   • SAML 2.0 auth assertion consumer endpoint : https://t-seb.dkseb.dk/runtime/saml2auth/consume.idp

     This endpoint consumes SAML 2.0 authentication responses from an IdP.

   • SAML 2.0 auth assertion consumer artifact endpoint : https://t-seb.dkseb.dk/runtime/saml2auth/artifact.idp

     This endpoints receives SAML 2.0 artifact messages, parses them and returns the SAML response.

   • SAML 2.0 auth metadata endpoint : https://t-seb.dkseb.dk/runtime/saml2auth/metadata.idp

     This endpoint provides SAML 2.0 auth metadata when identify acts as an RP.

   • SAML 2.0 Authentication SignOff Request Endpoint : https://t-seb.dkseb.dk/runtime/saml2auth/signoffrequest.idp

     This endpoint sends Log out responses to an IdP.

   • SAML 2.0 Authentication SignOff Artifact Endpoint : https://t-seb.dkseb.dk/runtime/saml2auth/artifactsignoffrequest.idp

     This endpoint sends Log out responses to an IdP.

   • SAML 2.0 Authentication SignOff Response Endpoint : https://t-seb.dkseb.dk/runtime/saml2auth/signoffresponse.idp

     This endpoint receives SAML 2.0 log out responses from an IdP.

   • SAML 2.0 Authentication SignOff Response Artifact Endpoint : https://t-seb.dkseb.dk/runtime/saml2auth/artifactsignoffresponse.idp

     This endpoint receives Log out responses from an IdP.

2. SAML 2.0 : Implements federated Sign On via the SAML 2.0 protocol.

   • Main SAML 2.0 endpoint : https://t-seb.dkseb.dk/runtime/saml2/issue.idp

     This endpoint receives requests from RPs and also is where responses are sent back to RPs.

   • Main SAML 2.0 artifact endpoint : https://t-seb.dkseb.dk/runtime/saml2/artifact.idp

     Main SAML 2.0 artifact endpoint

   • Main IdP Initiated SAML 2.0 endpoint : https://t-seb.dkseb.dk/runtime/saml2/idpInitiatedIssue.idp

     This endpoint provides main IdP Initiated SAML 2.0.

   • SAML 2.0 SignOff Endpoint : https://t-seb.dkseb.dk/runtime/saml2/signoff.idp

     This endpoints receives signoff responses from RPs.

   • SAML 2.0 metadata endpoint : https://t-seb.dkseb.dk/runtime/saml2/metadata.idp

     This endpoint provides metadata to a SAML 2.0 RP - who wants to connect to Identify - should use.

3. Username & password login plug-in : Allow users to login with username and password stored in Identify's local.

   • Username & password login endpoint. : https://t-seb.dkseb.dk/runtime/usernamepasswordauth/login.idp

     This endpoint allows you to enter username & password from Identify system and then processes and authenticates the user.

4. WS-Federation login : Plugin provides WS Federation authentication to the Identity Provider.

   • WS-Federation login endpoint : https://t-seb.dkseb.dk/runtime/wsfedauth/login.idp

     This endpoint sends a sign in request to an Idp.

   • WS-Federation Service Provider Metadata Endpoint : https://t-seb.dkseb.dk/runtime/wsfedauth/metadata.idp

     This endpoint provides metadata for an Idp to work with a RP.

   • WS-Federation assertion consumer endpoint : https://t-seb.dkseb.dk/runtime/wsfedauth/consume.idp

     This endpoint consumes sign in responses and also sign out cleanup requests.

   • WS-Federation Authentication Sign Off endpoint : https://t-seb.dkseb.dk/runtime/wsfedauth/signoff.idp

     This endpoint receives sign out responses from an RP.

5. WS-Federation protocol plug-in : Implements the WS Federation authentication.

   • Main WS-Federation endpoint : https://t-seb.dkseb.dk/runtime/WSFederation/WSFederation.idp

     This endpoint receives sign in, sign out, and sign out cleanup requests and reponses.

   • WS-Federation protocol Sign Off endpoint : https://t-seb.dkseb.dk/runtime/WSFederation/SignOff.idp

     This endpoint receives sign out responses from an RP.

   • WS-Federation protocol metadata endpoint : https://t-seb.dkseb.dk/runtime/FederationMetadata/2007-06/FederationMetadata.xml

     This endpoint provides metadata that an WS Federation RP should use to connect to Identify.

6. OAuth 2.0 : Plugin providing OAuth 2.0 support to the Identity Provider and Authorization Server

   • OAuth 2.0 authorization endpoint. : https://t-seb.dkseb.dk/runtime/oauth2/authorize.idp

     This endpoint provides Identify authorization.

   • OpenID Connection logout endpoint. : https://t-seb.dkseb.dk/runtime/openidconnect/logout.idp

     This endpoint provides a logout by removing the token from repository (cache and database).

   • OpenID Connection logout session status endpoint. : https://t-seb.dkseb.dk/runtime/openidconnect/sessionlogout.idp

     This endpoint provides logout session state.

   • OAuth 2.0 token endpoint. : https://t-seb.dkseb.dk/runtime/oauth2/token.idp

     This endpoint provides OAuth 2.0 access token.

   • OpenId connect discovery endpoint. : https://t-seb.dkseb.dk/runtime/oauth2/.well-known/openid-configuration

     This endpoint provides OpenId connect metadata.

   • OpenId connect JWK endpoint. : https://t-seb.dkseb.dk/runtime/oauth2/certs.idp

     This endpoint provides information about Identify public signing key used on Oauth 2.0 endpoints.

   • Oauth 2.0 device pairing endpoint. : https://t-seb.dkseb.dk/runtime/oauth2/device_authorization

     This endpoint provide code to authenticate the device.

   • OpenID Connect UserInfo endpoint. : https://t-seb.dkseb.dk/runtime/openidconnect/userinfo.idp

     This endpoint parses token, processes response, and validates signature received from OpenID.

   • OpenID Connect user code verification endpoint. : https://t-seb.dkseb.dk/runtime/oauth2/devicepairing

     This endpoint to verify user code on device pairing flow.

Security Token Service endpoint listing.

• STS WS Trust 14 Username Message Endpoint : http://t-seb.dkseb.dk/runtime/services/trust/14/username

  An endpoint which authenticates the client with its username and password. The client credentials are included in the header of a SOAP message. Confidentiality is preserved by encryption inside the SOAP message.

• STS WS Trust 14 Username Mixed Endpoint : https://t-seb.dkseb.dk/runtime/services/trust/14/usernamemixed

  An endpoint which authenticates the client with its username and password. The client credentials are included in the header of a SOAP message. Confidentiality is preserved at the transport layer (SSL).

• STS WS Trust 14 Certificate Message Endpoint : http://t-seb.dkseb.dk/runtime/services/trust/14/certificate

  An endpoint which authenticates the client with X.509 certificate. The client credentials are included in the header of a SOAP message. Confidentiality is preserved by encryption inside the SOAP message.

• STS WS Trust 14 Certificate Mixed Endpoint : https://t-seb.dkseb.dk/runtime/services/trust/14/certificatemixed

  An endpoint which authenticates the client with X.509 certificate. The client credentials are included in the header of a SOAP message. Confidentiality is preserved at the transport layer (SSL).

• STS WS Trust OIO IDWS Endpoint : https://t-seb.dkseb.dk/runtime/services/oiotrust/14/oioidwsmixed

  STS WS Trust OIO IDWS Endpoint

• STS WS Trust 14 Issuedtokensymmetricbasic256sha256 Endpoint : http://t-seb.dkseb.dk/runtime/services/trust/14/issuedtokensymmetricbasic256sha256

  An endpoint which authenticates the client with an issued token.

• STS WS Trust 14 Issuedmixedtokensymmetricbasic256sha256 Endpoint : https://t-seb.dkseb.dk/runtime/services/trust/14/issuedtokenmixedsymmetricbasic256sha256

  An endpoint which authenticates the client with an issued token.