IdP implementation roadmap
yrevyakin at gmail.com
Tue Apr 16 10:53:39 EDT 2019
Some days ago I started with IdP3. My goal is to implement IdP to provide
authentication based on our product's identity store.
Currently I have reached authentication by configuring
metadata-providers.xml with the SP's metadata. I use samltest.id for testing.
Another testing SP, sptest.iamshowcase.com, doesn't provide its own metadata.
One of the real SPs is CyberArk PVWA. It also doesn't provide its own metadata
- only the following knowledge:
- SAML2 is supported
- ACS URL
- NameIDFormat must be specified as
- IdP must return the user name inside NameID tag
- IdP must provide Issuer, IdP Certificate and IdP login URL
- IdP must be set to accept non signed requests
- IdP's configured 'secure hash algorithm' is either SHA1 or SHA256
I ask you to push me somehow to understand a roadmap:
1) How to make Shib IdP and a metadata-*less* SP friends?
2) How to force the IdP to return the user name inside the NameID tag with
NameIDFormat set to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified?
I really hope for your help,