Single Sign-on Branding

The APS Identity protocol allows Parallels products to support branding, that is, identifying a product or a service with the parent company. For instance, if a reseller of the services provided by Parallels Plesk Control Panel does not want their customers to know that they are actually purchasing services from a reseller rather than a direct provider, the Plesk administrator can configure a branded IdP for the reseller to hide the original IdP URL (called the default IdP URL) from end users.

By default, all SSO-participating applications exchange security data with a default IdP. The default IdP URL (domain name and port) is given to the applications when they register with a specific IdP. The applications may implement the ability to change the default IdP URL without re-registering with the IdP (in case the IdP was moved to another domain).

A branded IdP is actually a proxy between a default IdP and a reseller's domain. All data transferred from the domain to the branded IdP must be redirected to the default IdP. When the default IdP has processed the data, the data must be returned to the domain through the branded IdP. All these proxy-related operations must be implemented by the SSO-participating application that owns the branded IdP.

The reseller must be able to roll back to the default IdP URL.

If an SSO-participating application is controlled by several branded resellers, it should be able to identify which IdP is used for each incoming request from the request's Host header. Controlled applications should use a translation table of associations between domains and branded IdPs.
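
A sketch of such a translation table with rollback to the default IdP, as an added example that is not code from the APS Identity specification or any Parallels product. The class and function names, the domains, the URLs and the port are constructed placeholders; the Host header is treated as client-supplied input and used only as an exact-match lookup key.

```python
import re

# Constructed placeholder; the real default IdP URL is given at registration.
DEFAULT_IDP_URL = "https://idp.provider.example:11443"

# Accepted Host header form: DNS name, optional trailing dot, optional port.
_HOST_RE = re.compile(r"(?P<name>[a-z0-9](?:[a-z0-9.-]*[a-z0-9.])?)(?::\d{1,5})?")


def normalize_host(host_header):
    """Return the lowercase DNS name from a Host header, or None if malformed."""
    if not host_header:
        return None
    match = _HOST_RE.fullmatch(host_header.strip().lower())
    return match.group("name").rstrip(".") if match else None


class IdpResolver:
    """Translation table of reseller domains to branded IdP URLs (hypothetical)."""

    def __init__(self, default_idp_url):
        self.default_idp_url = default_idp_url
        self._branded = {}

    def set_branded_idp(self, domain, idp_url):
        key = normalize_host(domain)
        if key is None:
            raise ValueError("malformed reseller domain: %r" % (domain,))
        self._branded[key] = idp_url

    def roll_back(self, domain):
        """Return a reseller domain to the default IdP URL."""
        self._branded.pop(normalize_host(domain), None)

    def resolve(self, host_header):
        # The Host header is client-supplied: never build the IdP URL from it.
        # Unknown or malformed hosts fall back to the default IdP.
        host = normalize_host(host_header)
        return self._branded.get(host, self.default_idp_url)


def build_example_resolver():
    """Resolver populated with two constructed reseller entries."""
    resolver = IdpResolver(DEFAULT_IDP_URL)
    resolver.set_branded_idp("panel.reseller-a.example", "https://sso.reseller-a.example:11443")
    resolver.set_branded_idp("panel.reseller-b.example", "https://login.reseller-b.example:11443")
    return resolver
```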