NogDog;11044477 wrote: We use SimpleSAMLphp at work for integrating our site into clients' sites, which I recommend for that particular use case, but may not be what you need for a more "normal" authentication purpose.
OK, I took a look at that link and it seems to me that SAML also involves three parties:
1) principal - i.e., user who wants to do something
2) service provider - i.e., website that offers a service like Twitter
3) identity provider - i.e., some third party that is able to authenticate the principal.
I'm having this vague inkling that my organization might want to be both service provider and identity provider if we are planning to offer an API so that we can easily expand access to our system by letting our principals delegate access to their account to phone apps or web apps or some other such thing, but then I lose my train of thought over the whole thing.
What do you mean by "integrating our site into clients' sites?"