The Proxy IdP component runs on machines of the CESNET virtualization platform. As a critical component, it is operated in High Availability mode:
The Proxy IdP component consists of internal and external parts:
Internal parts:
External parts:
A component that provides user authentication for services that use the SAML2 protocol. For more information, see the SimpleSAMLphp page.
A component that provides authentication for services using the OpenID Connect protocol. User authentication is handled using SimpleSAMLphp.
For more information, see the MitreID page.
Internal database. For more information, see the MariaDB Galera Cluster page.
Perun provides Proxy IdP management for users, groups and services. For more information, see the Perun page.
LDAP and RPC are used for communication (LDAP is preferred).
PROS
CONS
PROS
CONS
During a Perun system outage, the Proxy IdP component works only to a limited extent:
The Proxy IdP connection to CESNET LDAP is used to obtain the data needed to calculate the isCesnetEligible attribute.
When the CESNET LDAP component fails, the value of the isCesnetEligible attribute will not be updated, and the last known value will be passed.