Shibboleth IDP client should have its own OpenID client creds #447

nynymike opened this Issue Jun 29, 2018 · 1 comment



nynymike commented Jun 29, 2018

"oxTrust Admin GUI" is also the client used for Shibboleth IDP authentication. That's why it has redirect_uri https://hostname/idp/auth-code.jsp

It would be better if Shibboleth had its own client creds, and didn't share them with oxTrust. This would give us more flexibility to customize SAML behavior by writing a consent gathering interception script.

Also, it seems from a security perspective that we'd want to be able to differentiate traffic from oxTrust and the IDP.

@nynymike nynymike added this to the 3.1.4 milestone Jun 29, 2018




yurem commented Sep 3, 2018


@yurem yurem closed this Sep 3, 2018
