  1. Identity Provider
  2. IDP-1392 Login flow for OIDC authentication
  3. IDP-1394

OIDC login flow - multiplex the RP configuration settings

    Details

    • Type: Sub-task
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 5.0.0
    • Component/s: Authentication, OIDC
    • Labels:
      None

      Description

      As a basic step to make the flow handle multiple relying parties, I would start by pulling the various properties that end up in the context object for initiating the authentication into an OIDCIntegration class. That should also simplify the context class so it can just store off that class object instead of a dozen or more individual settings.

      I haven't fully fleshed out my thinking on this, but I think the proxy flows like this one probably have to assume the use of the MFA flow as a front-end to handle discovery for the IdP/OP. At least for now that's what I would assume. So, I would have this flow start by calling a lookup strategy function set in the config (similar to the Duo flow) to have it obtain the OIDCIntegration to use. Later on, I'll flesh out a model where the discovery step would stash off sufficient information for that lookup strategy to return the selected integration settings based on the choice made.

      This shouldn't impact the rest of the code/design much; it's just a front-end change from a static property set to allowing it to be derived at runtime.

            People

            Assignee:
            Unassigned
            Reporter:
            cantor.2@osu.edu Scott Cantor
            Watchers:
            2
