Broker Services
​
Broker Services allow Service Providers to configure scenarios for the Signicat Broker to use in the request for the Identity Provider.
To configure services, in the configuration-app we have theBroker Services section:
The Default service is always configured and can not be removed, only edited. Other configured services, like IdinService can be added, edited and removed.
In the example above, we can see the configuration section of a single service.
Name(required): the name of the broker service.
Selected authn provider(optional - multiple): configure Identity Providers that Broker should allow to be used for authentication when the login flow is using the selected service.
Provide authn configuration(optional - multiple): configure requested attributes that can be added per Identity Provider, so the Broker will send them on the request.
Depending on the protocol of the Identity Provider, the name of attributes can change:
Saml->IndexOpenID->ScopesIDIN->RequestedAttributes
​
In order to use services on the login flow, Service Providers have 2 options:
Send the service on the login request. For this functionality, Broker supports following protocols:
OpenID: The service should be requested by using the scope attribute. Services available in the Broker are shown in the
well-known/openid-configurationendpoint of the broker:{domain}/broker/sp/oidc/.well-known/openid-configuration. The services are listed with the following formatservice:$ServiceName.
Configure default service in the configuration-app. This is feature is available for each configured Service Provider connection. Broker will first try to use a service that was sent in the login request. If no service is requested, it will try to use the service configured in the Service Provider connection if available.
​
​