How to write Custom APIs on IdP

Rainer Hoerbe rainer at hoerbe.at
Thu Apr 14 05:13:40 EDT 2016


Besides OpenAM you may want to look into:
Midpoint https://evolveum.com/midpoint/
Syncope https://syncope.apache.org/

- Rainer

> On 14.04.2016 at 08:48, Shagun Akarsh <shagun.akarsh at wooqer.com> wrote:
> 
> Thanks Andy & Rod for prompt replies. 
> 
> Can you suggest any open-source project that can be smoothly integrated for Identity Management with Shibboleth IdPv3?
> 
> Has anyone used the OpenAM Identity Management tool (https://www.forgerock.com/platform/identity-management/)? Kindly suggest alternatives.
> 
> Thanks.
> 
> On Wed, Apr 13, 2016 at 10:57 PM, Andrew Morgan <morgan at orst.edu> wrote:
> Shagun,
> 
> This is not a function of a SAML IDP or SP.  Updating user identity information is Identity Management.  The IDP handles authentication and attribute release.  It does not manage identity data.
> 
> Read the second answer from that Stackoverflow link regarding SCIM. That's more relevant for your use case.
> 
>         Andy
> 
> On Wed, 13 Apr 2016, Shagun Akarsh wrote:
> 
> Yes all SPs are from within single domain. Also both IdP and SPs are
> internal to one organization but SPs are hosted across different
> datacenters.
> 
> I will try to break down my problem statement:
> 
> First, (Update/Add data on IdP's DB from SP after successful
> authentication) In an SP initiated SSO scenario, how can a user update
> his/her password (or any other field on IdP)?
> 
> Second, (Synching of user information across SPs) I want user's information
> to be updated across all SPs when it gets updated at IdP. I have a problem
> very similar to this (Kindly read comments on Vladimír Schäfer
> <http://stackoverflow.com/users/3510410/vladim%c3%adr-sch%c3%a4fer>'s
> answer):
> http://stackoverflow.com/questions/23567648/sso-how-to-synchronize-user-accounts-between-service-provider-and-identity-prov
> 
> 
> On Wed, Apr 13, 2016 at 2:29 PM, Rod Widdowson <rdw at steadingsoftware.com>
> wrote:
> 
> which can be updated by any of the SP. Also we want to allow to update
> user information from SPs.
> 
> Thus we want to write APIs on IdP for such updates which can be called
> from SPs directly. How to implement this.
> 
> Write it into a Database from the SP and use RDBMSDataConnector on the
> IdP?  Or LDAP?
> 
> This has to be internal to a single privacy/security domain I guess?
> Otherwise I don't even want to think about the privacy & security
> implications...
> 
> Rod
> 
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
> 
> 
> 
> 
> -- 
> Shagun Akarsh
> Ph: +91-9902095371
> Research Engineer
> Wooqer Labs,
> Bangalore.
> 
