How to Choose a NIEF Identity Provider Product

This article lists the requirements for products that may be considered for a NIEF Identity Provider (IDP). It also briefly describes the IDP products for which NIEF implementers currently have some amount of knowledge and implementation experience.

As you work through the process of choosing an IDP product, consider which product best meets your organization's needs, and keep in mind that the best product for you may not necessarily be included in this document. For those organizations that have an existing enterprise identity management platform, the best choice may be to implement a NIEF IDP via that existing platform - especially if the existing identity management platform conforms to the NIEF IDP technical requirements (listed below).

An IDP authenticates an end user and creates a SAML assertion for that user in a trusted fashion to a Service Provider (SP). When a user attempts to access an SP, the user's IDP collects local attribute information about the user and uses it to generate a SAML assertion for the user.

A NIEF IDP must meet the minimum requirements expressed in the NIEF Minimum Interoperability TIP for SAML IDP.

The following is a non-exhaustive list of products that provide SAML-based identity provider capabilities. You should evaluate these and other products to determine which best meet your needs within your budget.

• Shibboleth IDP
• Ping Identity PingFederate IDP
• CA Federation Manager IDP
• Microsoft ADFS 3.0
• SimpleSAML PHP