By Mikkel Hald, 26/05/25
Copenhagen Business Academy Cphbusiness now utilises WAYF's OIDC interface with its internal systems. The institution has discarded its solution up till now, a self-developed SAML-to-OIDC proxy. This transition marks a simplification of operations as well as an impoved user experience.
The previous solution was based on a proxy developed internally at Cphbusiness posing as an OpenID Provider towards the institution's internal systems while at the same time being a SAML Service Provider in the WAYF federation. This service ran in AWS and was configured to translate tokens and groups-based claims from AD. The proxy was necessary because newer internal systems supported only OAuth/OIDC and not SAML2. The solution was operationally stable but complex, making its replacement by WAYF's OIDC interface highly desirable. A big step towards a simpler architecture, and a small one towards greater independence from Big Tech.
The users' login experience, according to Kim Mikkelsen, IT manager at Cphbusiness, has improved significantly. “We're going fast now,” he reports, elaborating: “When my clients are happy, so am I.” The transition in his experience has required a bit of planning – but definetely payed off, in reduced complexity and better performance and stability.