  1. Identity Provider
  2. IDP-832

Passing attributes back to IdP when external authN is used.

    Details

      Description

      Per previous discussion with Scott, I would like the IdP to allow me to stuff already-resolved attributes back into the context when external authentication is used and the request is delegated to a system that handles all of that. In most Shib/CAS integrations where Shib is layered over an external CAS instance, CAS handles the production and consumption of the authentication context class and principal attributes. Since the adopter in this type of deployment only uses the IdP invisibly to handle the production of SAML assertions, and makes no attempt at configuring the IdP to handle attribute resolution, etc. (and wouldn't want to duplicate config anyway, since all of that is already put into the CAS config), there would need to be a way to pass attributes from CAS back to the IdP context tree.

      Scott did explain to me that passing back the context class is entirely possible now, but there may need to be a few changes to the API to allow the actual principal to carry attributes with it right inside the object, rather than creating a new context class, etc.

      Seemed like this type of change might fit into the 3.2 roadmap, but it can obviously wait.

              People

              Assignee:
              cantor.2@osu.edu Scott Cantor
              Reporter:
              mmoayyed@unicon.net Misagh Moayyed
              Watchers:
              3

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 0 minutes
                  Logged: 2 hours, 30 minutes