Menu
▾
▴
Re: [Unity-idm-discuss] Using multiple SAML federations with IdP overlap
|
From: Sander A. <sa....@fz...> - 2019-12-05 06:15:50
|
Good morning Krzysztof, On Wed, 2019-12-04 at 21:36 +0100, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 02.12.2019 o 08:17, Sander Apweiler pisze: > > Hi Krzysztof, > > > > yes we want to set different level of assurance (within translation > > profile), based on this attribute. This attribute indicates how the > > identity vetting was done at the organisations. > > I've looked into this metadata too (as found here > https://doku.tid.dfn.de/en:metadata) > > So in fact I think you in the end don't want to use 2 metadata > sources, > merged by Unity, but only one: the basic metadata which includes > both > advanced and basic idps. And the only feature missing is to parse > the > SAML metadata extension with IDP attributes, and expose it for the > user > logging through such IdP. Is it all correct? Yes this is correct. > > If so this is perhaps not very complex task, but certainly longer. > We > would expose those in the context of input profile of SAML > authenticator > (as a new variable, e.g. idpAttrs). So you can either create a > condition > on it or just use it as-is for some attribute value. We will also > need > to implement IdP side support for it - to be able to automate > testing. > > Does it sound correct to you? This is almost correct, but in this case the DFN set this attribute in the metadata not the IdP. Cheers, Sander > > Cheers, > Krzysztof -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ---------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
