Shibboleth IDP client should have its own OpenID client creds #447

Closed
nynymike opened this Issue Jun 29, 2018 · 1 comment

nynymike commented Jun 29, 2018

"oxTrust Admin GUI" is also the client used for Shibboleth IDP authentication. That's why it has redirect_uri https://hostname/idp/auth-code.jsp

It would be better if Shibboleth had its own client creds, and didn't share them with oxTrust. This would give us more flexibility to customize SAML behavior by writing a consent-gathering interception script.

Also, it seems from a security perspective that we'd want to be able to differentiate traffic from oxTrust and the IDP.

@nynymike nynymike added this to the 3.1.4 milestone Jun 29, 2018

yurem commented Sep 3, 2018

Fixed

@yurem yurem closed this Sep 3, 2018
