Definition
An Identity Broker is an intermediary service that connects multiple service providers with different identity providers. As an intermediary service, the identity broker is responsible for creating a trust relationship with an external identity provider in order to use its identities to access internal services exposed by service providers.
An intermediary service that connects business services across multiple systems through a number of different authentication services.
It is responsible for establishing a trust relationship with an external system's identity provider and obtaining that external system's security token, so that the internal system can be granted trusted authorization to access the external system's service resources.
An identity provider is usually based on a specific protocol that is used to authenticate and communicate authentication and authorization information to their users. It can be a social provider such as Facebook, Google or Twitter. It can be a business partner whose users need to access your services. Or it can be a cloud-based identity service that you want to integrate with.
An identity provider generally exchanges authentication and authorization information with users over a dedicated protocol. It may be a social service provider such as Facebook, Google or Twitter. It may also be a business partner that needs to access your internal services. Or it may be a cloud-based identity service that you want to integrate with.
Commonly used protocols are:
- SAML v2.0
- OpenID Connect v1.0
- OAuth v2.0
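The brokered flow described above, as an added illustration that is not part of the original page and not Keycloak's own code: the broker holds a registry of trust relationships (one signing key per external issuer), accepts a token only from an issuer it trusts, verifies signature, audience and expiry, maps the external identity onto an internal subject, and issues its own token to the service provider. The service provider trusts only the broker, never the external identity providers directly. All issuer URLs, keys, claim names and user data here are constructed for the example; a shared HMAC key stands in for the asymmetric signatures and protocol metadata (OIDC discovery, SAML metadata) a real SAML or OpenID Connect broker would use.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed trust relationships: external issuer -> key the broker uses to
# verify that issuer's tokens. In a real broker these come from OIDC discovery
# documents or SAML metadata exchanged when the relationship is configured.
TRUSTED_IDPS = {
    "https://idp.partner.example": b"partner-idp-shared-key",
    "https://accounts.social.example": b"social-idp-shared-key",
}
BROKER_ISSUER = "https://broker.internal.example"   # constructed
BROKER_KEY = b"broker-signing-key"                  # constructed
INTERNAL_AUDIENCE = "internal-api"                  # constructed


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, key: bytes) -> str:
    """Serialise claims as '<payload>.<hmac>', a stand-in for a signed JWT or SAML assertion."""
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(sig)}"


def verify_token(token: str, key: bytes, issuer: str, audience: str, now: float) -> dict:
    """Check signature, issuer, audience and expiry; raise ValueError on any failure."""
    payload, _, sig = token.partition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(payload))
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != audience:
        raise ValueError("token not intended for this audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def peek_issuer(token: str) -> str:
    """Read the (not yet verified) issuer claim to select which trust relationship applies."""
    payload, _, _ = token.partition(".")
    return json.loads(_unb64(payload)).get("iss", "")


def broker_exchange(external_token: str, now=None) -> str:
    """Identity broker: accept a token from a trusted external IdP and issue an internal one."""
    now = time.time() if now is None else now
    issuer = peek_issuer(external_token)
    key = TRUSTED_IDPS.get(issuer)
    if key is None:
        # No trust relationship with this issuer: the identity is not usable internally.
        raise ValueError(f"no trust relationship with issuer {issuer!r}")
    ext = verify_token(external_token, key, issuer, audience=BROKER_ISSUER, now=now)
    # Map the external identity onto an internal subject; prefixing the issuer
    # keeps identities from different providers from colliding.
    internal_claims = {
        "iss": BROKER_ISSUER,
        "aud": INTERNAL_AUDIENCE,
        "sub": f"{issuer}#{ext['sub']}",
        "email": ext.get("email"),
        "exp": now + 300,
    }
    return sign_token(internal_claims, BROKER_KEY)


def service_accept(internal_token: str, now=None) -> dict:
    """Service provider: trusts only tokens signed by the broker for its own audience."""
    now = time.time() if now is None else now
    return verify_token(internal_token, BROKER_KEY, BROKER_ISSUER, INTERNAL_AUDIENCE, now)


if __name__ == "__main__":
    t = 1_700_000_000
    # Constructed token as the partner IdP would issue it after authenticating the user.
    ext = sign_token({"iss": "https://idp.partner.example", "aud": BROKER_ISSUER,
                      "sub": "alice", "email": "alice@partner.example", "exp": t + 600},
                     TRUSTED_IDPS["https://idp.partner.example"])
    internal = broker_exchange(ext, now=t)
    print(service_accept(internal, now=t)["sub"])
```

Note that the external token's audience must be the broker itself, and the internal token's audience the service; this is what stops a token obtained from the external provider from being replayed straight at the internal API, and why the service verifies only against the broker's key.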
Overview
Identity Broker Flow