@leifj leifj commented May 29, 2017

This sets the AuthnStatement/AuthnContext/AuthenticatingAuthority to the proxied entityID. Might be useful.

@leifj
Contributor Author

leifj commented May 29, 2017

OK guys pls review!

@leifj leifj requested a review from jkakavas May 29, 2017 13:07
Member

@jkakavas jkakavas left a comment


According to SAML Core 3.4.1.5.1 in the case of proxying:

The saml:AuthnStatement in the new assertion MUST include a saml:AuthnContext element containing a saml:AuthenticatingAuthority element referencing the identity provider to which the proxying identity provider referred the presenter. If the original assertion contains saml:AuthnContext information that includes one or more saml:AuthenticatingAuthority elements, those elements SHOULD be included in the new assertion, with the new element placed after them.

Assuming that your title is misleading and what we carry over is the original Issuer (which should be the case with internal_response.auth_info.issuer) I think this is not only a nice to have, but something we must be doing.
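Added example, not code from this pull request or from the project: the ordering rule quoted above from SAML Core 3.4.1.5.1, applied to a constructed upstream assertion. The helper names and the sample entityIDs are hypothetical, and the upstream assertion is assumed to have been signature-validated before this step.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML)

# Constructed sample: an upstream assertion that already names one authority.
UPSTREAM_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML}">'
    "<saml:Issuer>https://idp.example.org/idp</saml:Issuer>"
    "<saml:AuthnStatement><saml:AuthnContext>"
    "<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
    "</saml:AuthnContextClassRef>"
    "<saml:AuthenticatingAuthority>https://home.example.edu/idp</saml:AuthenticatingAuthority>"
    "</saml:AuthnContext></saml:AuthnStatement>"
    "</saml:Assertion>"
)


def _q(tag):
    """Qualify a tag name with the SAML assertion namespace."""
    return f"{{{SAML}}}{tag}"


def proxied_authorities(upstream_assertion_xml):
    """Hypothetical helper: ordered AuthenticatingAuthority values for the new assertion."""
    # Assumption: the assertion was already verified by the SAML library.
    root = ET.fromstring(upstream_assertion_xml)
    issuer = (root.findtext(_q("Issuer")) or "").strip()
    if not issuer:
        raise ValueError("upstream assertion has no Issuer to record")
    path = "/".join(_q(t) for t in ("AuthnStatement", "AuthnContext", "AuthenticatingAuthority"))
    carried = [(el.text or "").strip() for el in root.iterfind(path)]
    # Authorities from the original assertion first, then the IdP the proxy
    # referred the presenter to (the original Issuer) placed after them.
    return [c for c in carried if c] + [issuer]


def build_authn_context(class_ref, authorities):
    """Hypothetical helper: AuthnContext element for the proxy's own assertion."""
    ctx = ET.Element(_q("AuthnContext"))
    ET.SubElement(ctx, _q("AuthnContextClassRef")).text = class_ref
    for entity_id in authorities:
        ET.SubElement(ctx, _q("AuthenticatingAuthority")).text = entity_id
    return ctx


if __name__ == "__main__":
    ctx = build_authn_context("urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
                              proxied_authorities(UPSTREAM_ASSERTION))
    print(ET.tostring(ctx, encoding="unicode"))
```

A service provider behind the proxy can then read the last AuthenticatingAuthority value to see which identity provider the proxy relied on.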

@leifj
Contributor Author

leifj commented May 30, 2017

Yes the title is misleading and this is exactly what I'm talking about.

@leifj leifj merged commit ca20986 into IdentityPython:master May 30, 2017
@leifj leifj deleted the proxy_authentication_authority branch May 31, 2017 08:18