From: Krzysztof B. <kb...@un...> - 2017-08-24 21:48:39
Sander,

On 23.08.2017 at 09:59, Sander Apweiler wrote:
> Hi,
>
> In our project it is planned to use an additional attribute source for
> registered users. We want to extend authorization possibilities with
> this attribute source.
>
> Unity (A) is a proxy IdP and all services within the project use A for
> the authentication. The integration with other IdPs and SPs is already
> done. The attribute service (B) uses Unity for authentication too. B is
> not an IdP, it is a SP of A. The situation would look like this:
>
> - The user authenticates at A (done)
> - The login into B is done with A (done; mapping by persistent
>   identifier from A)
> - A gets some additional information (e.g. group membership) about the
>   user from B
>
> I know about the possibility of adding attributes by the administration
> API. Is there another possibility to use additional attribute sources
> for registered users like described above?

I don't think I can follow your scenario. Can you provide more details? What are those services (what protocols)? What is the sequence of operations: when should Unity request those attributes? Reading your example literally, the user logs in to B via Unity, which asks B about attributes of the user - ? to provide them back to B?

Best
Krzysztof