Federated identity management (FIM) is a system that allows users in separate organizations to access the same networks, applications, and resources using one set of credentials. Each organization maintains its own identity management system, which is linked to a third-party identity provider (IdP) that stores user credentials and authenticates users across organizations.
Both the PingOne Cloud Platform and PingOne Advanced Services support a variety of functions that help ensure communication between federated entities remains secure:
- Metadata URL consuming and publishing, which obtains and provides additional information about a site that's embedded into its code.
- OAuth redirect URI validation, which helps ensure users are directed only to appropriate, pre-registered locations after they successfully sign on.
- SSL and TLS encryption, which helps ensure that communications between a client and server are secure.
- Key rotation policies, which define when a signing key should be retired and replaced with a new cryptographic key.
- Self-signed certificates. PingOne Advanced Services supports both signed and self-signed certificates. There is no cryptographic difference between the two as they use the same algorithm and have the same key length, but some partners might not support unanchored trust models.
PingOne Advanced Services also supports:
- Mutual TLS authentication, where the two parties authenticate each other using the TLS protocol.
- Certificate revocation list (CRL), which is a list of revoked certificates downloaded from the certificate authority (CA), and Online Certificate Status Protocol (OCSP), which is used to check the revocation status of a single certificate interactively using an online service called an OCSP responder.
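The redirect URI validation listed above is the check an authorization server performs before it sends the browser anywhere after sign-on. The following is an added illustration, not Ping Identity code: it compares a requested `redirect_uri` against a constructed client registration using exact matching, which is what keeps the check from degrading into an open redirect. The client ID and URIs are made-up sample values.

```python
# Added example (not PingOne code): exact-match validation of an OAuth
# redirect_uri against the URIs registered for a client.
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample registration; client ID and URIs are made up.
REGISTERED_REDIRECT_URIS = {
    "app-1234": {
        "https://app.example.com/callback",
        "https://app.example.com/login/oauth2/code/ping",
    },
}


def normalize(uri: str) -> Optional[str]:
    """Return a canonical form of an absolute https URI, or None if unusable.

    Scheme and host are case-insensitive (RFC 3986) and are lowercased; path
    and query are case-sensitive and kept verbatim. A fragment or userinfo
    component has no place in a redirect URI, so those are rejected outright.
    """
    parts = urlsplit(uri)
    if parts.scheme.lower() != "https" or not parts.hostname or parts.fragment:
        return None
    if parts.username or parts.password:   # e.g. https://good.example@evil.example/
        return None
    host = parts.hostname.lower()
    if parts.port and parts.port != 443:   # default port is implied
        host = f"{host}:{parts.port}"
    query = f"?{parts.query}" if parts.query else ""
    return f"https://{host}{parts.path or '/'}{query}"


def redirect_uri_allowed(client_id: str, requested: str) -> bool:
    """True only if `requested` exactly matches a URI registered for the client."""
    canonical = normalize(requested)
    if canonical is None:
        return False
    allowed = REGISTERED_REDIRECT_URIS.get(client_id, set())
    # Exact comparison only: no prefix, wildcard or substring matching. Path
    # traversal (/callback/../x) is not collapsed, so it simply fails to match.
    return any(normalize(r) == canonical for r in allowed)
```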