How to setup remote auth

Jingcheng Kou alexseedkou at gmail.com
Wed Mar 4 13:21:32 EST 2020


Hi Peter,

Thanks for your reply.

For step 3 I have implemented it via http connector.

My use case here is that for a user who wants to access an app on AWS, I need to
get the attribute (like the role of a user) based on the app he wants to
access.
As far as I know, in the regular workflow Shib can tell the entity
ID from `$resolutionContext.attributeRecipientID`; however, this only tells
that the user is trying to access AWS from the metadata in my example;
there is no information about the app the user is trying to access. This is
why I want to send the app ID information in the SAML request and let
Shib get that in order to send this information to the web server to get
the required attribute.

To recap:

I want Shib to have more information other than the principal and
attributeRecipientID when receiving the SAML request from another resource.
This is very helpful when I want to access a specific app on a cloud
platform like Azure and AWS. Correct me if I am wrong. Any suggestions will
be appreciated.

Best,

Chris