How to write Custom APIs on IdP

[Andrew Morgan]

Shagun,

This is not a function of a SAML IDP or SP.  Updating user identity 
information is Identity Management.  The IDP handle authentication and 
attribute release.  It does not manage identity data.

Read the second answer from that Stackoverflow link regarding SCIM. 
That's more relevant for your use case.

 	Andy

On Wed, 13 Apr 2016, Shagun Akarsh wrote:

> Yes all SPs are from within single domain. Also both IdP and SPs are
> internal to one organization but SPs are hosted across different
> datacenters.
>
> I will try to break down my problem statement:
>
> First, (Update/Add data on IdP's DB from SP after successful
> authentication) In an SP initiated SSO scenario, how can a user update
> his/her password (or any other field on IdP) ?
>
> Second, (Synching of user information across SPs) I want user's information
> to be updated across all SPs when it gets updated at IdP. I have a problem
> very similar to this (Kindly read comments on Vladimír Schäfer
> <http://stackoverflow.com/users/3510410/vladim%c3%adr-sch%c3%a4fer>'s
> answer) :
> http://stackoverflow.com/questions/23567648/sso-how-to-synchronize-user-accounts-between-service-provider-and-identity-prov
>
>
> On Wed, Apr 13, 2016 at 2:29 PM, Rod Widdowson <rdw at steadingsoftware.com>
> wrote:
>
>>> which can be updated by any of the SP. Also we want to allow to update
>> user information from SPs.
>>>
>>> Thus we want to write APIs on IdP for such updates which can be called
>> from SPs directly. How to implement this.
>>
>> Write it into a Database from the SP and uses RDBMSDataConnector on the
>> IdP?  Or LDAP?
>>
>> This has to be internal to a single privacy/security domain I guess?
>> Otherwise I don't even want to think about the privacy&secuirty
>> implications...
>>
>> Rod
>>
>> --
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>>
>
>
>
> -- 
> Shagun Akarsh
> Ph: +91-9902095371
> Research Engineer
> Wooqer Labs,
> Bangalore.
>