Profiles

Profiles define major areas of functionality in the system, such as user authentication and token issuance. They also provide a way to segment configuration and/or data in order to expose the available features in different ways for different use cases.

Available in the Curity Identity Server#

Authentication

An Authentication profile is responsible for user authentication, supporting many types of user authentication solutions to enable users to onboard, authenticate and securely gain access to your systems.

Token

A Token profile is responsible for issuing security tokens, by which the server asserts data for use by an OAuth client in a particular context.

User Management

A User Management profile is concerned with managing user accounts and associated resources through SCIM 2.0 and GraphQL APIs.

Application

An Application profile is where Application plugins are defined, which provide auxiliary functionality to the Curity Identity Server.

SAML IDP

A SAML IDP profile acts as a SAML Identity Provider (IDP), answering authentication requests from a SAML Service Provider and issuing assertions that can be used to establish a user’s identity.

Profile Groups#

Certain profiles may refer other profiles to achieve certain functionality. For example, a Token profile may refer to an Authentication profile to authenticate users, when user authentication is needed. Likewise, a User Management profile may refer to a Token profile in order to validate access tokens presented to its APIs. The profiles that are linked together in this way are referred to as a Profile Group.

The available Profile Groups are displayed in the Profiles page in the Admin UI. In this page it’s possible to manage existing profiles and quickly create/link new profiles, as illustrated below.

Profiles and Profile GroupsProfiles and Profile Groups

Deploying to Service Roles#

After creating profiles, they need to be deployed to Service Roles in order to be accessible. When creating a new profile via the Admin UI, you can select which Service Role(s) to deploy it to, as illustrated below.

Selecting Service Roles for the ProfileSelecting Service Roles for the Profile

Profiles are made up of endpoints that are used to interact with them. Different profiles define different types of endpoints, depending on their functionality. For example, a Token profile defines an OAuth token endpoint, among others.

When deploying a profile, what’s actually being deployed are its endpoints. Each endpoint can be deployed to one or more Service Roles. It’s common (but not required) to deploy all endpoints of the same profile to the same Service Role(s). This is what is done by the profile creation wizard shown above.

The SystemDeployment page on the Admin UI provides an overview of the endpoints deployed to each Service Role.

Profiles endpoints overviewProfiles endpoints overview

In addition, each Profile has its own Endpoints page, which allows managing the deployment of its endpoints individually.

Learn More#

  • The First Configuration tutorial shows how to set up the basic configuration for running OAuth and OpenID Connect flows, which includes multiple profiles.

Was this helpful?