Social2SAML gateway authentication assertion contents

Keith Hazelton hazelton at
Mon Nov 21 14:01:12 GMT 2011

The MACE Social-Ident Working Group is developing recommendations for developers of Social2SAML Gateways such as SWAMI's IdPproxy, PennState's OpenID to SAML gateway, Lucas Rockwell's IdCorral Shibboleth IdP Proxy and CMU's Tartan-ConnectID.

One of the requirements for an ideal gateway is that the Relying Party needs to be told the identity of both the original social IdP and the Social2SAML gateway itself.

Where should the social IdP and the gateway identity be carried in the SAML authentication assertion?  What are the alternatives and tradeoffs?

         --Keith Hazelton for socialidentity at
