Using a different SP entity ID with the IdP SAML authn flow

Wessel, Keith kwessel at illinois.edu
Thu Sep 2 19:04:19 UTC 2021


Thanks, Scott. So, to make this dynamic and use a different SP entity ID based on, for example, authnContextClassRef of the original incoming request, I can create a bean and set the relyingPartyLookupStrategy on the specific relying party override bean to point to that bean. Is that correct?

I assume my custom bean just returns a string with the entity ID that Shibboleth should identify itself as. Any pointers to other beans in the IdP configuration that would be a good example for me to base mine off of?

Keith


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Thursday, September 2, 2021 11:59 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Using a different SP entity ID with the IdP SAML authn flow

On 9/2/21, 12:42 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> I'm guessing I can override a ben somewhere, but I can't find it. How do I override this?

Same as the other direction, responderId property on the relying party override for the "SP" except that the SP in this case is the IdP.

We treat the relying party term in its generic sense. The thing you're communicating with. When I applied that metaphor to the proxy support, everything fit, more or less.

-- Scott


-- 
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!DZ3fjg!uTUWp08GQBarDHSjPr10XN2PicZsB6O_qyT1oq_i_Ur7oH2y46_fdNI7LTPEe2mLXg$ 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net


More information about the users mailing list