KIM itself does not implement authentication services. It's assumed that an implementer will use existing services (such as CAS or Shiboleth) for this. However, KIM provides a service abstraction which allows for integrating with the authentication systems to help extract information about who has authenticated to the application.
Central Authentication Service
The default implementation of the authentication module shipped with KC uses the Central Authentication Service (CAS) authentication system. CAS is the authentication system used by Indiana University, and is the standard system at those institutions by which Web applications authenticate users.
Figure 7 Generic, Default KC Login Screen
KC authenticates users based on the prevailing institutional practice.
Your institution may have opted to extend KC to use a different authentication service instead of the CAS framework. |