Federated enterprise identity
Enterprise identity, federated.
Entcore is the SAML 2.0 plane for organisations that own their identity provider. Bring your IdP; we'll do the rest.
SAML 2.0
AuthnRequest, signed Response, POST-binding ACS.
Signed assertions
Ed25519 over the assertion canonical form.
Replay-resistant
One-shot InResponseTo, audience-locked.
Org directory
Group membership and role surfaced server-side.
Identity stays in your IdP
Two scopes, two cookies. Entcore stores nothing about your users that your IdP doesn't already know. The SP session cookie at Path=/asm-34 never bleeds into the IdP's session at Path=/saml-idp.