FoxIDs is an Identity Services (IDS) platform with support for OAuth 2.0, OpenID Connect 1.0 and SAML 2.0.

FoxIDs is developed in Denmark and hosted in the Netherlands; ownership and data are kept in Europe.

FoxIDs is both an authentication platform and a security broker, where FoxIDs supports converting from OpenID Connect 1.0 to SAML 2.0.

FoxIDs is designed as a container with multi-tenant support. Your tenant holds your environments, which correspond to your own environments (prod, QA, test, dev), and other elements. Each environment is an Identity Provider with a user repository, a unique certificate and connections. Connections to external Identity Providers are configured as OpenID Connect 1.0 or SAML 2.0 authentication methods, whereas applications and APIs are configured as OAuth 2.0, OpenID Connect 1.0 or SAML 2.0 application registrations.
The user's login experience is configured as an authentication method.

Take a look at the FoxIDs test configuration in FoxIDs Control: https://control.foxids.com/test-corp
Get read access with the user [email protected] and password TestAccess!

FoxIDs consists of two services:

  • The identity service which in short is called FoxIDs. The service handles user login and all other security traffic.
  • The configuration service FoxIDs Control is used to configure FoxIDs in a user interface (FoxIDs Control Client) or by calling an API (FoxIDs Control API).

FoxIDs can be deployed and used by a single company or deployed as a shared cloud container and used by multiple organisations. You can select to use a shared cloud or a private cloud setup.

  • FoxIDs SaaS is available at FoxIDs.com as an Identity Services (IDS) also called Identity as a Service (IDaaS).
    FoxIDs.com is hosted in Europe and mainly in Microsoft Azure Holland, Netherlands.
  • You can deploy FoxIDs as your own private cloud on Microsoft Azure.

For more information please see the get started guide.

Source code available

The FoxIDs source code is available at the GitHub repository. The license grants all the right to install and use FoxIDs for non-production. The license grants small companies, including personal projects and non-profit educational institutions, the right to install and use FoxIDs in production.

Selection by URL

The structure of FoxIDs separates the different tenants, environments and connections, which are selected with URL elements.

If FoxIDs is hosted on e.g., https://foxidsxxxx.com/ the tenants are separated in the first path element of the URL https://foxidsxxxx.com/tenant-x/. The environments are separated under each tenant in the second path element of the URL https://foxidsxxxx.com/tenant-x/environment-y/.

An application registration is called by adding the application registration name as the third path element in the URL https://foxidsxxxx.com/tenant-x/environment-y/application-z/.
An authentication method is called by adding the authentication method name inside round brackets as the third path element in the URL https://foxidsxxxx.com/tenant-x/environment-y/(auth-method-v)/. If FoxIDs handles an authentication method sequence resulting in a session cookie, the same URL notation is used to lock the cookie to the URL.

When a client (application) starts an OpenID Connect or SAML 2.0 login sequence, it needs to specify by which authentication method the user should authenticate. The authentication method is selected by adding the authentication method name in round brackets in the URL's third path element after the application registration name https://foxidsxxxx.com/tenant-x/environment-y/application-z(auth-method-v)/.

Selecting multiple authentication methods:

  • Select all allowed authentication methods for an application registration by adding a star in round brackets in the URL after the application registration name https://foxidsxxxx.com/tenant-x/environment-y/application-z(*)/
  • Select a maximum of 4 allowed authentication methods for an application registration by adding the authentication methods as a comma-separated list in round brackets in the URL after the application registration name https://foxidsxxxx.com/tenant-x/environment-y/application-z(auth-method-v1,auth-method-v2,auth-method-v3,auth-method-v4)/

The allowed authentication methods are configured in each application registration.

A client using client credentials as authorization grant would not specify the authentication method. It is likewise optional to specify the authentication method when calling an OpenID Connect discovery document or a SAML 2.0 metadata endpoint.
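
The URL notation described in this section, as an added Python example that is not FoxIDs code: a parser that a client or reverse proxy could use to see which tenant, environment, application registration and authentication methods a URL selects, and to check the selection against the allowed list. The function names and the permitted name characters are assumptions; the page does not specify them.

```python
import re
from urllib.parse import urlsplit

# Assumption: names use lowercase letters, digits, '-' and '_' (not stated on the page).
NAME = r"[a-z0-9_-]+"
THIRD = re.compile(rf"^(?P<app>{NAME})?(?:\((?P<methods>\*|{NAME}(?:,{NAME})*)\))?$")
MAX_METHODS = 4  # limit stated on the page


def parse_foxids_url(url):
    """Split a FoxIDs-style URL into tenant, environment, application and methods."""
    parts = [p for p in urlsplit(url).path.split("/") if p]
    if len(parts) < 3:
        raise ValueError("expected /tenant/environment/third-element/")
    tenant, environment, third = parts[0], parts[1], parts[2]
    for name in (tenant, environment):
        if not re.fullmatch(NAME, name):
            raise ValueError(f"invalid name: {name!r}")
    m = THIRD.match(third)
    if not m or not (m["app"] or m["methods"]):
        raise ValueError(f"malformed third path element: {third!r}")
    raw = m["methods"]
    methods = None if raw is None else raw.split(",")
    if methods and methods != ["*"] and len(methods) > MAX_METHODS:
        raise ValueError("at most 4 authentication methods may be listed")
    return {"tenant": tenant, "environment": environment,
            "application": m["app"], "methods": methods}


def resolve_methods(parsed, allowed):
    """Return the authentication methods a request may use, given the
    allowed list configured on the application registration."""
    requested = parsed["methods"]
    if requested is None:      # e.g. client credentials or a discovery document
        return []
    if requested == ["*"]:     # star selects every allowed method
        return list(allowed)
    denied = [m for m in requested if m not in allowed]
    if denied:
        raise PermissionError(f"not allowed for this application: {denied}")
    return requested
```

Rejecting anything that does not match the expected shape, rather than trying to repair it, keeps a malformed third path element from being read as a different application registration or authentication method.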