IdP implementation roadmap

Yakov Revyakin yrevyakin at gmail.com
Tue Apr 16 10:53:39 EDT 2019


Hi members,
Some days ago I started with IdP3. My goal is to implement IdP to provide
authentication based on our product's identity store.
Currently I have reached authentication by configuring
metadata-providers.xml with the SP's metadata. I use samltest.id for testing
purposes.

Another testing SP, sptest.iamshowcase.com, doesn't provide its own metadata.
One of the real SPs is CyberArk PVWA. It also doesn't provide its own metadata
- only the following knowledge:
- SAML2 is supported
- ACS URL
- NameIDFormat must be specified as
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- IdP must return the user name inside NameID tag
- IdP must provide Issuer, IdP Certificate and IdP login URL
- IdP must be set to accept non signed requests
- IdP's configured 'secure hash algorithm' is either SHA1 or SHA256

I ask you to push me somehow to understand a roadmap:
1) How to make Shib IdP and a metadata-*less* SP friends?
2) How to force the IdP to return the user name inside the NameID tag with
NameIDFormat set to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified?

I really hope for your help,
Thanks,
Jake