Broker Services
This page describes how to configure Broker Services in the Signicat Identity Broker.
Broker services allow you to configure scenarios for the Signicat Identity Broker to be used in the request for the identity provider.
To configure services, select the Broker Services section in the Identity Broker menu.
The Broker Services dashboard.
The default service is always configured and cannot be removed, only edited. This is where other broker services can be added, edited and removed.
Example: Configuring an IRMA broker service.
In the example above, we can see the configuration section of a single service.
  • Name: The name of the broker service (required).
  • Select default minimum Level of Assurance: Here you can set the minimum Level of Assurance (LoA) to be provided by the broker service.
  • Selected authn provider: This is where you configure the Identity Providers that the Broker should allow to be used for authentication when the login flow is using the selected service (optional - multiple).
  • Provide authn configuration: Here you can configure the requested attributes that can be added per Identity Provider, so the Broker will send them on the request (optional - multiple).
    • Depending on the protocol of the Identity Provider, the name of attributes can change:
      • SAML -> Index
      • OpenID -> Scopes
      • IDIN -> RequestedAttributes

In order to use services on the login flow, service providers have two options:
  1. Send the service on the login request. For this functionality, the Broker supports the following protocols:
    • OpenID: The service should be requested by using the scope attribute. Services available in the Broker are shown in the well-known/openid-configuration endpoint of the broker: {domain}/broker/sp/oidc/.well-known/openid-configuration. The services are listed in the following format: service:$ServiceName.
  2. Configure a default service in the configuration-app. This feature is available for each configured service provider connection. The Broker will first try to use a service that was sent in the login request. If no service is requested, it will try to use the service configured in the service provider connection, if available.
Select default broker service on Service Provider Connection.
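Option 1 from the service provider's side, as an added Python example that is not taken from Signicat's documentation or code: it reads the service:$ServiceName entries from a discovery document and builds an OpenID authorization request that selects one of them. The sample document, domains, endpoint path, client values and service names are constructed placeholders, and the example assumes the services are listed in the standard scopes_supported field.

```python
import secrets
from urllib.parse import urlencode, urlparse

SERVICE_PREFIX = "service:"

# Constructed sample of a discovery document. Domain, endpoint path and
# service names are placeholders; listing the services under
# "scopes_supported" is an assumption of this example.
SAMPLE_DISCOVERY = {
    "issuer": "https://broker.example.com/broker/sp/oidc",
    "authorization_endpoint": "https://broker.example.com/broker/sp/oidc/authorize",
    "scopes_supported": ["openid", "profile", "service:default", "service:irma-high"],
}


def advertised_services(discovery):
    """Return the broker service names listed as service:$ServiceName."""
    return sorted(
        s[len(SERVICE_PREFIX):]
        for s in discovery.get("scopes_supported", [])
        if s.startswith(SERVICE_PREFIX) and len(s) > len(SERVICE_PREFIX)
    )


def build_authorization_url(discovery, client_id, redirect_uri, service=None):
    """Build an authorization request, optionally selecting a broker service."""
    scopes = ["openid"]
    if service is not None:
        # Refuse a service the broker does not advertise instead of sending it.
        if service not in advertised_services(discovery):
            raise ValueError(f"broker service not advertised: {service!r}")
        scopes.append(SERVICE_PREFIX + service)
    endpoint = discovery["authorization_endpoint"]
    if urlparse(endpoint).scheme != "https":
        raise ValueError("authorization endpoint must use https")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),           # e.g. "openid service:irma-high"
        "state": secrets.token_urlsafe(16),  # checked on the callback (CSRF)
        "nonce": secrets.token_urlsafe(16),  # binds the ID token to this request
    }
    return endpoint + "?" + urlencode(params)
```

Calling build_authorization_url without a service leaves the scope as openid only, which is the case where the Broker uses the default service configured on the service provider connection, if available.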