IdP gateway

Stefano Zanmarchi zanmarchi at gmail.com
Mon Apr 18 14:17:27 EDT 2016


Thank you for the answers.
@Eric: it wouldn't be an issue, but I was wondering: can the SP easily be
configured to "point to" an IdP proxy instead of an IdP or to a Discovery
Service?
On 18 Apr 2016 19:31, "Eric Goodman" <Eric.Goodman at ucop.edu> wrote:

> This can be done using an IdP Proxy. SimpleSamlPhp is one product you can
> use for this purpose. It has hooks for doing what you describe, but there
> would be custom coding required.
>
>
>
> The approach assumes you have a process to populate and maintain the extra
> information (e.g., entitlements) for users from all of the IdPs for the
> proxy to pull information from. The Proxy doesn’t help at all with managing
> that extra information, it just offers a mechanism for “post processing”
> the SAML responses and injecting information before the SP gets the SAML
> response.
>
>
>
> Using an IdP Proxy approach, the SP sees all the attributes as coming from
> the IdP Proxy, not from the original source IdPs, so it’s not “transparent”
> to the SP in that sense. It’s not clear from your description whether or
> not that would cause an issue for you.
>
>
>
> --- Eric
>
>
>
> *From:* users [mailto:users-bounces at shibboleth.net] *On Behalf Of *Stefano
> Zanmarchi
> *Sent:* Monday, April 18, 2016 7:23 AM
> *To:* Shib Users
> *Subject:* IdP gateway
>
>
>
> Hi all,
>
> I'm looking for an IdP gateway with the ability to add attributes to those
> received from an IdP.
>
> The scenario I'd like to achieve is:
>
> - the user clicks on the SP's login button
>
> - she gets redirected to the IdP gateway
>
> - the IdP gateway presents the user with a list of IdPs she can choose from
>
> - the user selects an IdP and authenticates
>
> - upon successful authentication the gateway returns the user to the SP
> adding some attributes (e.g. an entitlement).
>
> Has something like this already been implemented, possibly open source?
> Any information would be greatly appreciated.
>
> Thanks,
>
> Stefano
>
>
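
The post-processing step described in the quoted reply, as an added example that is not part of the original thread and is not SimpleSAMLphp code: a Python model of a proxy merging locally maintained attributes into what an upstream IdP released. The entity IDs, the `sourceIdP` attribute, the lookup table and the rule that upstream entitlement values are dropped are all assumptions made for illustration.

```python
# Constructed model of an IdP proxy's attribute post-processing (illustrative only).
PROXY_ENTITY_ID = "https://proxy.example.org/idp"   # hypothetical proxy entityID
USER_ID_ATTR = "eduPersonPrincipalName"

# Attributes the proxy is authoritative for. Values for these arriving from an
# upstream IdP are discarded so an IdP cannot assert them on its own (assumption).
PROXY_CONTROLLED = {"eduPersonEntitlement"}

# Extra information maintained out of band, keyed by (source IdP, user id) so
# the same identifier asserted by two different IdPs never shares entitlements.
EXTRA_ATTRIBUTES = {
    ("https://idp.a.example.edu/idp", "alice@example.edu"): {
        "eduPersonEntitlement": ["urn:example:entitlement:library"],
    },
}


def post_process(source_idp, upstream_attrs):
    """Return what the SP receives: issuer is the proxy, attributes are merged."""
    ids = upstream_attrs.get(USER_ID_ATTR, [])
    if len(ids) != 1:
        raise ValueError("expected exactly one user identifier from the IdP")

    # Pass through everything the proxy does not control.
    attrs = {name: list(values) for name, values in upstream_attrs.items()
             if name not in PROXY_CONTROLLED}

    # Inject the locally maintained attributes for this (IdP, user) pair.
    for name, values in EXTRA_ATTRIBUTES.get((source_idp, ids[0]), {}).items():
        attrs[name] = list(values)

    # The SP only sees the proxy as issuer, so carry the origin as an attribute.
    attrs["sourceIdP"] = [source_idp]
    return {"issuer": PROXY_ENTITY_ID, "attributes": attrs}


if __name__ == "__main__":
    released = {  # constructed sample of what an upstream IdP released
        USER_ID_ATTR: ["alice@example.edu"],
        "mail": ["alice@example.edu"],
        "eduPersonEntitlement": ["urn:example:entitlement:admin"],
    }
    print(post_process("https://idp.a.example.edu/idp", released))
    print(post_process("https://idp.b.example.net/idp", released))
```
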

