External authentication and MetadataProvider id
Cantor, Scott
cantor.2 at osu.edu
Mon Jan 31 12:56:36 UTC 2022
On 1/30/22, 5:40 PM, "users on behalf of Jason Pyeron" <users-bounces at shibboleth.net on behalf of jpyeron at pdinc.us> wrote:
> [Not sure if this is too in depth for the users list, apologies if so]
The list is for everything. The depth impacts whether *I* will respond to people who are not paying for that level of access to us for support. This project cannot survive if I continue to provide the old levels of help I used to provide on list because that makes membership pointless for most. What others are willing to do is up to them.
> We have business rules in the external authentication that need access to the MetadataProvider objects. For
> now the id property is sufficient.
>
> The RelyingPartyContext gets us the SAMLMetadataContext, which in turn grants us access to the
> EntityDescriptor. Internally the SAMLMetadataContext is resolved via the MetadataProviderContainer.
I don’t know what container you're talking about, that doesn't ring any bells, but the relying party ID (the entityID in SAML, client_id in OIDC) is accessible via PRC -> RelyingPartyContext.getRelyingPartyId().
Unless the profile is unverified, which is rare, that's backed by metadata.
> On a side note: It would be nice if EntityDescriptor had a List<MetadataResolver> getResolvers(), would that
> make sense as a patch?
No, that's not feasible.
-- Scott