IdP gateway

Peter Schober peter.schober at
Tue Apr 19 07:23:55 EDT 2016

* Stefano Zanmarchi <zanmarchi at> [2016-04-18 16:23]:
> I'm looking for an IdP gateway with the ability to add attributes to those
> received from an  IdP.
> The scenario I'd like to achieve is:
> - the user clicks on the SP's login button
> - she gets redirected to the IdP gateway
> - the IdP gateway presents the user with a list of IdPs she can chose from
> - the user selects an IdP and authenticates
> - upon succesful authentication the gateway returns the user to the SP
> adding some attributes (e.g. an entitlement).

If the source for "additional" attributes like entitlements is the
same for everyone, no matter what IDP they used for authentication,
then that's not a use-case for a proxy, but for an Attribute Authority.
The Shib SP has built-in support to query additional (statically
pre-configured) AAs for attributes about a subject.

Using the contributed Attribute Query Handler
you can also easily (and fast) get the data from the SP.


More information about the users mailing list