Carillon STS is a Federated Identity Provider (IdP) that is built on PHP, allowing for efficient and secure identity authentication across multiple platforms.
Once the software is installed and configured, Carillon STS allows a user to authenticate themselves using either a password or an X.509 certificate. Once authenticated, the user is issued a digitally signed infocard with standard identity claims and customizable identity claims. When the user presents this infocard to a Relying Party (RP) site, their browser's identity selector requests a SAML token from Carillon STS.
If the authentication information is still valid, Carillon STS issues a digitally signed token containing various claims asserted by the user. The browser then checks the digital signature, encrypts the token for the RP, and passes it along. The RP is responsible for decrypting the SAML token, verifying the digital signature, verifying the asserted claims, and making an access decision based on that information.
Updates in this release:
- X.509 support now works more smoothly with Windows CardSpace.
- The infocard now contains the correct UserCredential tag and assertion names and tags.
- The mex output contains policy for enabling CardSpace to authenticate using the certificate.
- The token request consumer checks the signature on the included timestamp since CardSpace doesn't support using the user certificate for the HTTPS/SSL transport.
- There are several other fixes.
Overall, Carillon STS is a highly efficient and effective software option for authentication and identity management. Its compatibility with various implementations and ease of use make it a great choice for businesses and individuals alike.
Version 0.02: N/A