FoxIDs is a Identity Services (IDS) with support for OAuth 2.0, OpenID Connect 1.0 and SAML 2.0.
Hosted in Azure Europe / Ownership and data in Europe.
FoxIDs is both an authentication platform and a security broker where FoxIDs support converting between OpenID Connect 1.0 and SAML 2.0.
FoxIDs is designed as service with multi-tenant support. Your tenant holds your environments (prod, QA, test, dev or corporate, external-idp, app-a, app-b) and possible interconnect the environments.
Each environment is an Identity Provider with a user repository and a unique certificate.
An environment can be connected to external Identity Provider with OpenID Connect 1.0 or SAML 2.0 authentication methods.
The environment is configured as the IdP for applications and APIs with OAuth 2.0, OpenID Connect 1.0 or SAML 2.0 application registrations.
The user's log in experience is configured and optionally customized.
Take a look at the FoxIDs test configuration in FoxIDs Control: https://control.foxids.com/test-corp
Get read access with the user[email protected]and passwordTestAccess!
FoxIDs consist of two services:
- FoxIDs - identity service, which handles user log in, OAuth 2.0, OpenID Connect 1.0 and SAML 2.0.
- FoxIDs Control, which is used to configure FoxIDs in a user interface or by calling an API.
Hosting:
- FoxIDs SaaS is available at FoxIDs.com as an Identity Services (IDS).
- You can deploy FoxIDs anywhere using Docker or Kubernetes (K8s).
For more information please see the get started guide.
Source code available
The FoxIDs source code is available at the GitHub repository. The license grant all the right to install and use FoxIDs for non-production. The license grant small companies including, personal projects and non-profit educational institutions the right to install and use FoxIDs in production.
Selection by URL
The structure of FoxIDs separates the different tenants, environments and connections which is selected with URL elements.
If FoxIDs is hosted on e.g., https://foxidsxxxx.com/ the tenants are separated in the first path element of the URL https://foxidsxxxx.com/tenant-x/.
The environments are separated under each tenant in the second path element of the URL https://foxidsxxxx.com/tenant-x/environment-y/.
A application registration is call by adding the application registration name as the third path element in the URL https://foxidsxxxx.com/tenant-x/environment-y/application-z/.
A authentication method is call by adding the authentication method name insight round brackets as the third path element in the URL https://foxidsxxxx.com/tenant-x/environment-y/(auth-method-v)/.
If FoxIDs handles a authentication method sequence resulting in a session cookie the same URL notation is used to lock the cookie to the URL.
When a client (application) starts an OpenID Connect or SAML 2.0 login sequence it needs to specify by which authentication method the user should authenticate.
The authentication method is selected by adding the authentication method name in round brackets in the URLs third path element after the application registration name https://foxidsxxxx.com/tenant-x/environment-y/application-z(auth-method-v)/.
Selecting multiple authentication methods:
- Select all allowed authentication methods for a application registration by adding a star in round brackets in the URL after the application registration name
https://foxidsxxxx.com/tenant-x/environment-y/application-z(*)/ - Select a maximum of 4 allowed authentication methods for a application registration by adding the authentication methods as a comma separated list in round brackets
in the URL after the application registration name
https://foxidsxxxx.com/tenant-x/environment-y/application-z(auth-method-v1,auth-method-v2,auth-method-v3,auth-method-v4)/
The allowed authentication methods is configured in each application registration.
A client using client credentials as authorization grant would not specify the authentication method. It is likewise optional to specify the authentication method when calling an OpenID Connect discovery document or a SAML 2.0 metadata endpoint.