IDP Initiated Authentication Script #267
Comments
There are 3 oxAuth questions regarding this diagram:
Also I think we have to communicate with Internal SP according to this diagram. These are steps 8 and 9.

I talked to @willow9886 regarding this issue.
We can implement the following flow, which uses Gluu-Passport:
Here is the plan:
We can finish all steps except 5 in 3.1.4.
I'm closing this, I think the recently added IDP-initiated capabilities to passport do the job.
Are there docs on how to configure it in Gluu? I end up having to address this question several times a week.
Not yet I think since it was recently introduced. Actually, it was solved for 3.1.5. It will be part of 3.1.5 docs.
It would be nice if oxAuth could act as a gateway for consolidating IDP-initiated authentication. The basic idea is that the Gluu Server would be the SP--i.e. the authentication is coming from an external organization's IDP. Gluu would consume the assertion, dynamically register the person if necessary, and then redirect the person as specified by the relay_state parameter.
It's unclear if this can be done within an interception script alone, or if we'd need to implement a new endpoint. Also, would the oxAuth publish SP metadata for this endpoint? This service should generate its own keys and certificates.
For testing, use a Shibboleth IDP, which supports IDP initiated as the "internal IDP".
Sequence Diagram Source