External authentication and MetadataProvider id
cantor.2 at osu.edu
Mon Jan 31 12:56:36 UTC 2022
On 1/30/22, 5:40 PM, "users on behalf of Jason Pyeron" <users-bounces at shibboleth.net on behalf of jpyeron at pdinc.us> wrote:
> [Not sure if this is too in depth for the users list, apologies if so]
The list is for everything. The depth impacts whether *I* will respond to people who are not paying for that level of access to us for support. This project cannot survive if I continue to provide the old levels of help I used to provide on list because that makes membership pointless for most. What others are willing to do is up to them.
> We have business rules in the external authentication that need access to the MetadataProvider objects. For
> now the id property is sufficient.
> The RelyingPartyContext gets us the SAMLMetadataContext, which in turn grants us access to the
> EntityDescriptor. Internally the SAMLMetadataContext is resolved via the MetadataProviderContainer.
I don’t know what container you're talking about, that doesn't ring any bells, but the relying party ID (the entityID in SAML, client_id in OIDC) is accessible via PRC -> RelyingPartyContext.getRelyingPartyId().
Unless the profile is unverified, which is rare, that's backed by metadata.
> On a side note: It would be nice if EntityDescriptor had a List<MetadataResolver> getResolvers(), would that
> make sense as a patch?
No, that's not feasible.
More information about the users