Cphbusiness internal systems now benefitting from WAYF's OIDC interface

Copenhagen Business Academy Cphbusiness now utilises WAYF's OIDC interface with its internal systems. The institution has discarded its solution up till now, a self-developed SAML-to-OIDC proxy. This transition marks a simplification of operations as well as an impoved user experience.

The previous solution was based on a proxy developed internally at Cphbusiness posing as an OpenID Provider towards the institution's internal systems while at the same time being a SAML Service Provider in the WAYF federation. This service ran in AWS and was configured to translate tokens and groups-based claims from AD. The proxy was necessary because newer internal systems supported only OAuth/OIDC and not SAML2. The solution was operationally stable but complex, making its replacement by WAYF's OIDC interface highly desirable. A big step towards a simpler architecture, and a small one towards greater independence from Big Tech.

The users' login experience, according to Kim Mikkelsen, IT manager at Cphbusiness, has improved significantly. “We're going fast now,” he reports, elaborating: “When my clients are happy, so am I.” The transition in his experience has required a bit of planning – but definetely payed off, in reduced complexity and better performance and stability.