From: Krzysztof B. <kb...@un...> - 2019-12-04 20:36:13

Hi Sander,

On 02.12.2019 at 08:17, Sander Apweiler wrote:
> Hi Krzysztof,
>
> yes we want to set different level of assurance (within translation
> profile), based on this attribute. This attribute indicates how the
> identity vetting was done at the organisations.

I've looked into this metadata too (as found here https://doku.tid.dfn.de/en:metadata).

So in fact I think you in the end don't want to use 2 metadata sources, merged by Unity, but only one: the basic metadata which includes both advanced and basic IdPs. And the only feature missing is to parse the SAML metadata extension with IdP attributes, and expose it for the user logging in through such an IdP.

Is it all correct?

If so this is perhaps not a very complex task, but certainly longer. We would expose those in the context of the input profile of the SAML authenticator (as a new variable, e.g. idpAttrs). So you can either create a condition on it or just use it as-is for some attribute value. We will also need to implement IdP side support for it - to be able to automate testing.

Does it sound correct to you?

Cheers,
Krzysztof
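Added example, not part of the original message and not Unity code: a sketch of the parsing step discussed above, reading the standard `mdattr:EntityAttributes` metadata extension per IdP and deriving an assurance level from it. The entity IDs, the attribute name `urn:example:identity-vetting`, its values and both function names are constructed for illustration, and the metadata signature is assumed to have been verified beforehand.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample metadata: entity IDs, attribute name and values are invented.
VETTING = "urn:example:identity-vetting"
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://idp-a.example.org/idp">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="urn:example:identity-vetting">
        <saml:AttributeValue>advanced</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/sp">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="urn:example:identity-vetting">
        <saml:AttributeValue>advanced</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def idp_attrs_by_entity(metadata_xml):
    """Map entityID -> {attribute name: [values]} for IdP entities only.
    Assumes the metadata signature was verified before this is called."""
    out = {}
    for ent in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        if ent.find("md:IDPSSODescriptor", NS) is None:
            continue  # SP-only entities never authenticate users
        attrs = {}
        for a in ent.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
            vals = [(v.text or "").strip() for v in a.findall("saml:AttributeValue", NS)]
            attrs.setdefault(a.get("Name"), []).extend(vals)
        out[ent.get("entityID")] = attrs
    return out

def assurance(idp_attrs):
    """Hypothetical profile condition: default to the lower level when absent."""
    return "advanced" if "advanced" in idp_attrs.get(VETTING, []) else "basic"
```

An IdP that carries no such attribute maps to the lower level, so a missing or stripped extension cannot raise the assurance assigned to a login.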