Menu
▾
▴
Re: [Unity-idm-discuss] Using multiple SAML federations with IdP overlap
|
From: Krzysztof B. <kb...@un...> - 2019-11-12 09:38:44
|
W dniu 12.11.2019 o 10:22, Marcus Hardt pisze: > On 11/12/19 10:15, Krzysztof Benedyczak wrote: >> Hi Sander, >> >> W dniu 11.11.2019 o 14:48, Sander Apweiler pisze: >>> Hi Krzysztof, >>> >>> the DFN AAI offers different trust levels for the IdP federation based >>> on the identity vetting. Every IdP is in the basic one but not all are >>> in the advanced one (higher identity vetting). If we want to support >>> both federations, unity will find IdPs two times. One in basic and one >>> in advanced. >>> >>> We want to store some Assurance information to the users, based on the >>> federation. Because the users of an IdP from DFN advanced have a high >>> identity vetting instead of basic AAI. I assume we would need two >>> different input translation profiles for it. Please correct me if I am >>> wrong. >>> >>> So I have two different questions. >>> 1. Can unity deal with the fact that IdPs are listed two times and >>> using different translation profiles? >>> 2. If 1 is yes, who we could ensure that IdPs from advanced AAI are >>> always uses the path trough advanced and never trough the basic AAI? >> If I understood this correctly those are basically two federations (two XMLs >> with metadata) Basic and Advanced, in Advanced I'll find all IdPs from Basic >> (same SAML entityIds), right? > Otherway round: All the advanced IdPs are also in Basic. Yes, sure - typo. |
