  1. Identity Provider
  2. IDP-1758

Allow blocking upstream IdP from being shown as AuthenticatingAuthority


    Details

    • Type: New Feature
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Authentication, SAML2
    • Labels:
      None

      Description

      Hi,

      I'm using IdP 4.0.1 with SAML proxying (to Google Apps/GSuite).

      I see the IdP adds <saml2:AuthenticatingAuthority>https://accounts.google.com/o/saml2?idpid=...</saml2:AuthenticatingAuthority> into AuthnContext (in AuthnStatement in AuthnAssertion)

      I see this functionality was added in IDP-1117 - recording the upstream IdP as a ProxyAuthenticationPrincipal and then adding this as AuthenticatingAuthority into the AuthnContext.

      Could there be a switch to suppress this behavior?

      Given how much attribute mapping is done in the (proxying) IdP, I'd rather make it authoritative on its own.

      Could this (suppressing the AuthenticatingAuthority) please be added as optional behavior?

      Cheers,
      Vlad
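
An added example, not part of the original issue and not the IdP's own code: a check an operator could run over an issued assertion to see whether a proxied upstream IdP is disclosed as AuthenticatingAuthority. The sample assertion, its entity IDs, and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml2": SAML2_NS}

# Constructed sample (unsigned, trimmed to the elements discussed in the issue).
# Entity IDs are placeholders, not values taken from the issue.
SAMPLE_ASSERTION = """\
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                 ID="_constructed" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
  <saml2:Issuer>https://proxy-idp.example.org/idp/shibboleth</saml2:Issuer>
  <saml2:AuthnStatement AuthnInstant="2020-01-01T00:00:00Z">
    <saml2:AuthnContext>
      <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
      <saml2:AuthenticatingAuthority>https://upstream-idp.example.com/saml2</saml2:AuthenticatingAuthority>
    </saml2:AuthnContext>
  </saml2:AuthnStatement>
</saml2:Assertion>
"""

AUTHORITY_PATH = "saml2:AuthnStatement/saml2:AuthnContext/saml2:AuthenticatingAuthority"


def disclosed_upstream_authorities(xml_text):
    """Return AuthenticatingAuthority values that differ from the assertion's Issuer.

    Accepts a bare Assertion or a document (such as a Response) that contains
    assertions. Input is assumed to be already decrypted and signature-checked;
    use a hardened XML parser for untrusted input.
    """
    root = ET.fromstring(xml_text)
    if root.tag == "{%s}Assertion" % SAML2_NS:
        assertions = [root]
    else:
        assertions = root.findall(".//saml2:Assertion", NS)

    disclosed = []
    for assertion in assertions:
        issuer = (assertion.findtext("saml2:Issuer", default="", namespaces=NS) or "").strip()
        for node in assertion.findall(AUTHORITY_PATH, NS):
            authority = (node.text or "").strip()
            # An authority other than the issuer names an upstream (proxied) IdP.
            if authority and authority != issuer:
                disclosed.append(authority)
    return disclosed


if __name__ == "__main__":
    for value in disclosed_upstream_authorities(SAMPLE_ASSERTION):
        print("upstream IdP disclosed:", value)
```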

       


            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            tuakiriadmin-vmencl@virtualhome.tuakiri.ac.nz Vladimir Mencl

                Time Tracking

                Estimated: Not Specified
                Remaining: Not Specified
                Logged: 15m