Menu
▾
▴
[Unity-idm-discuss] Using multiple SAML federations with IdP overlap
|
From: Sander A. <sa....@fz...> - 2019-11-11 13:49:08
|
Hi Krzysztof, the DFN AAI offers different trust levels for the IdP federation based on the identity vetting. Every IdP is in the basic one but not all are in the advanced one (higher identity vetting). If we want to support both federations, unity will find IdPs two times. One in basic and one in advanced. We want to store some Assurance information to the users, based on the federation. Because the users of an IdP from DFN advanced have a high identity vetting instead of basic AAI. I assume we would need two different input translation profiles for it. Please correct me if I am wrong. So I have two different questions. 1. Can unity deal with the fact that IdPs are listed two times and using different translation profiles? 2. If 1 is yes, who we could ensure that IdPs from advanced AAI are always uses the path trough advanced and never trough the basic AAI? Best regards, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ---------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
