idpv4 SAMLAuthnConfiguration customization
Francesco Malvezzi
francesco.malvezzi at unimore.it
Wed Apr 29 09:49:35 EDT 2020
First of all, thank you for the smooth upgrade experience to
shibboleth-idp-4. It took me longer to figure out how to switch to
jetty-9.4 than the actual IdP upgrade.
Got to notice SAMLAuthnConfiguration: it looks very promising.
The documentation says the SP entityID is customizable: can you point me to
a link? How far can customization be pushed? May I mimic the
shibboleth-sp SessionInitiator to define the AuthnRequest [1]? Can I provide
a different certificate for the SP part? (I would like to spare myself
another metadata registration, because in the use case I am thinking of
it is time-consuming.)
thank you,
francescm
[1] example snippet from shibboleth2.xml:

<SessionInitiator ....>
    <samlp:AuthnRequest
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        Version="2.0"
        IssueInstant="2016-06-20T08:00:00+02:00"
        ID="foo"
        AssertionConsumerServiceIndex="0"
        AttributeConsumingServiceIndex="0"
        >
        <saml:Issuer
            Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
            NameQualifier="example.org">https://spid.example.org/sp</saml:Issuer>
        <samlp:RequestedAuthnContext Comparison="minimum"
            xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
            <saml:AuthnContextClassRef>https://www.spid.gov.it/SpidL1</saml:AuthnContextClassRef>
        </samlp:RequestedAuthnContext>
    </samlp:AuthnRequest>
</SessionInitiator>
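The template above fixes ID and IssueInstant to placeholder values and carries a RequestedAuthnContext with Comparison="minimum". The following is an added example, not part of the post and not Shibboleth SP or IdP code: it renders such a template with per-request values (fresh random ID, current IssueInstant, the SP entityID as Issuer) and checks a request the way a relying party would want to, including whether the requested SPID level floor is strong enough. The TEMPLATE is a constructed copy of the snippet in the message; the SPID level ordering, the five-minute clock skew and the simplified NCName regex are assumptions.

```python
"""Added example (not from the post, not Shibboleth code): render the posted
AuthnRequest template with per-request values and check the result."""
import re
import secrets
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
ET.register_namespace("samlp", SAMLP)   # keep the prefixes when re-serializing
ET.register_namespace("saml", SAML)

# Assumption: SPID levels ordered from weakest to strongest.
SPID_LEVELS = [
    "https://www.spid.gov.it/SpidL1",
    "https://www.spid.gov.it/SpidL2",
    "https://www.spid.gov.it/SpidL3",
]

# Constructed copy of the template from the post. ID and IssueInstant are
# placeholders: they must be replaced for every request that is actually sent.
TEMPLATE = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Version="2.0" IssueInstant="2016-06-20T08:00:00+02:00" ID="foo"
    AssertionConsumerServiceIndex="0" AttributeConsumingServiceIndex="0">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
      NameQualifier="example.org">https://spid.example.org/sp</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="minimum">
    <saml:AuthnContextClassRef>https://www.spid.gov.it/SpidL1</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""


def render_authn_request(template, issuer, now=None):
    """Return a sendable AuthnRequest: fresh random ID, current IssueInstant,
    Issuer set to the SP entityID. Everything else is taken from the template."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(template)
    # xs:ID is an NCName and must not start with a digit, hence the "_" prefix.
    root.set("ID", "_" + secrets.token_hex(16))
    root.set("IssueInstant",
             now.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"))
    root.find("saml:Issuer", NS).text = issuer
    return ET.tostring(root, encoding="unicode")


def _parse_instant(value):
    # datetime.fromisoformat accepts a trailing "Z" only from Python 3.11 on.
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value)


def check_authn_request(xml_text, expected_issuer, required_level,
                        now=None, max_skew=timedelta(minutes=5)):
    """Return a list of problems; an empty list means the request is acceptable.

    required_level is the weakest SPID level the relying party can accept;
    max_skew is an assumed tolerance for IssueInstant freshness."""
    now = now or datetime.now(timezone.utc)
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        return ["root element is not samlp:AuthnRequest"]
    if root.get("Version") != "2.0":
        problems.append("Version must be 2.0")
    # Simplified NCName check (assumption: ASCII identifiers are enough here).
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_.-]*", root.get("ID", "")):
        problems.append("ID is not a valid xs:ID")
    try:
        instant = _parse_instant(root.get("IssueInstant", ""))
        if instant.tzinfo is None:
            problems.append("IssueInstant has no time zone")
        elif abs(now - instant) > max_skew:
            problems.append("IssueInstant is outside the allowed clock skew (stale or replayed)")
    except ValueError:
        problems.append("IssueInstant is not an ISO 8601 dateTime")
    issuer = root.find("saml:Issuer", NS)
    if issuer is None or (issuer.text or "").strip() != expected_issuer:
        problems.append("Issuer does not match the expected SP entityID")
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        problems.append("no RequestedAuthnContext: the IdP may pick any level")
        return problems
    comparison = rac.get("Comparison", "exact")
    refs = [(e.text or "").strip() for e in rac.findall("saml:AuthnContextClassRef", NS)]
    unknown = [r for r in refs if r not in SPID_LEVELS]
    if unknown:
        problems.append("unknown AuthnContextClassRef: %s" % ", ".join(unknown))
        return problems
    if comparison not in ("exact", "minimum"):
        problems.append("Comparison=%r does not enforce a floor on the level" % comparison)
        return problems
    # With "minimum" the IdP may answer with the weakest requested level or
    # anything stronger, so the weakest requested level is the effective floor.
    floor = min(SPID_LEVELS.index(r) for r in refs) if refs else -1
    if floor < SPID_LEVELS.index(required_level):
        problems.append("requested level floor is weaker than %s" % required_level)
    return problems


if __name__ == "__main__":
    req = render_authn_request(TEMPLATE, "https://spid.example.org/sp")
    print(req)
    print(check_authn_request(req, "https://spid.example.org/sp", SPID_LEVELS[0]))
```

Run against the raw template, the checker flags only the stale IssueInstant; run against a rendered request with a required level of SpidL2, it flags that the template's SpidL1 floor is too weak, which is the kind of mismatch worth catching before the AuthnRequest is customized on the IdP side.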