Endpoints ref / Flow diagrams

Note that it is strongly advisable to ensure that the base URL "/" and the "/status" and "/metadata" endpoints are not publicly exposed; they serve operational information (the endpoint list, health status and the SAML metadata) that only administrators and the Service Providers you configure need.
It is also important that your network settings allow outgoing connections to the https://api.mpin.io/.well-known/openid-configuration endpoint, as this is where the program fetches the platform configuration. It also needs outgoing access to https://api.mpin.authorize/, https://api.mpin.io/oidc/certs and https://api.mpin.io/oidc/token.

When the IdP server is running, a RESTful HTTP JSON API server will listen at the following endpoints:

| Entry point | Method | Description |
|---|---|---|
| `/` | GET | Returns a list of available endpoints as JSON |
| `/status` | GET | Performs a health check and returns the server status as JSON |
| `/metadata` | GET | Serves the IdP SAML metadata; can be used to download the metadata file for upload to SPs |
| `/sso` | GET | SAML GET endpoint used by SPs to initiate the authentication flow |
| `/login` | GET, POST | Initiates the backend authentication with MIRACL Trust |
| `/login/:id` | GET | IdP-initiated login for a particular SP, identified by `:id` (for example `/login/aws` or `/login/dropbox`) |
| `/login/:id/*relaystate` | GET | IdP-initiated login for a particular SP plus a RelayState |
| `/logout` | GET | Terminates the user's IdP session |
| `/services` | GET | Serves the list of Service Providers the current user is authorized to access |
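One way to enforce the exposure rule above in front of the IdP is a small request filter that maps each request onto the endpoint table and only passes "/", "/status" and "/metadata" for clients inside an internal network. The following is an added example, not code from the IdP project; the route table follows the reference above, while the internal CIDR range and the method policy are assumptions.

```python
import ipaddress
import posixpath
import re
from urllib.parse import urlsplit

# Constructed example range: replace with your management network.
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# (path pattern, allowed methods, publicly exposed) - from the table above
ROUTES = [
    (r"^/$", {"GET"}, False),
    (r"^/status$", {"GET"}, False),
    (r"^/metadata$", {"GET"}, False),
    (r"^/sso$", {"GET"}, True),
    (r"^/login$", {"GET", "POST"}, True),
    (r"^/login/[^/]+$", {"GET"}, True),        # /login/:id
    (r"^/login/[^/]+/.+$", {"GET"}, True),     # /login/:id/*relaystate
    (r"^/logout$", {"GET"}, True),
    (r"^/services$", {"GET"}, True),
]

def canonical_path(target: str) -> str:
    """Drop the query string and collapse dot-segments and trailing slashes,
    so "/sso/../status?x=1" is judged as "/status"."""
    path = urlsplit(target).path or "/"
    return posixpath.normpath(path)

def is_internal(client_ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparseable source address: treat as external
    return any(addr in net for net in INTERNAL_NETWORKS)

def decide(method: str, target: str, client_ip: str) -> int:
    """HTTP status the filter answers with: 200 passes the request to the
    IdP, 403/404/405 reject it before it gets there."""
    path = canonical_path(target)
    for pattern, methods, public in ROUTES:
        if re.match(pattern, path):
            if method.upper() not in methods:
                return 405
            if not public and not is_internal(client_ip):
                return 403
            return 200
    return 404

if __name__ == "__main__":
    print(decide("GET", "/sso?SAMLRequest=abc", "203.0.113.7"))  # 200
    print(decide("GET", "/metadata", "203.0.113.7"))             # 403
```

The path is canonicalised before matching, so a dot-segment or trailing-slash variant of a restricted endpoint is judged by the same rule as the plain path.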


Flow Diagrams

The following diagrams graphically illustrate the communication between:

  1. The IdP server
  2. The Service Provider(s)
  3. The MIRACL Trust SSO authentication platform

[Diagram: idp-initiated-login]

[Diagram: sp-initiated-login]

[Diagram: idp-services]

[Diagram: idp-logout]
