Hi,
I do not see a direct relation between the
saml2-backend (start_auth()
function) and the SAMLMirrorFrontend. The key defined and used through
the context object contains the '_MIRROR_' part, but this is only
something that we understand - not the compiler/interpreter. For the
code, there is no direct coupling between the respective modules.
I understand that the name of the key is not the issue.
The issue is that the SAMLBackend method start_auth() contains this
logic:
    if target_entity_id:
        entity_id = urlsafe_b64decode(target_entity_id).decode()
So it assumes that any target entityID passed through the context has
been base64 encoded.
Only the SAMLMirrorFrontend does that, and only because the URL safe
base64 encoded target entityID is used by the SAMLMirrorFrontend, for
example to construct <SingleSignOnService> URLs.
If I am writing a request micro service or a new front end and I want to
use the SAMLBackend, I shouldn't have to URL safe base64 encode the
entityID before putting it into the context for consumption by the
SAMLBackend. I should just be able to put in the context the entityID
of the IdP I want the SAMLBackend to target with an authentication
request.
Or am I missing some fundamental reason that the entityID must be URL
base64 encoded in the context?
Thanks,
Scott
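Added illustration of the coupling described above, not code from SATOSA or from this message: a frontend-side encoder that does what SAMLMirrorFrontend does, a mirror of the backend's decode step, and a hypothetical defensive variant that rejects a raw (unencoded) entityID instead of decoding it into garbage. The function names, the sample entityID and the context handling are assumptions made for the example.

```python
import binascii
from base64 import urlsafe_b64decode, urlsafe_b64encode

# Constructed sample: the entityID of the IdP a frontend wants targeted.
SAMPLE_ENTITY_ID = "https://idp.example.org/idp/shibboleth"


def encode_target_entity_id(entity_id: str) -> str:
    """What a mirror-style frontend does before placing the target in the
    context: URL-safe base64 of the entityID, text in, text out."""
    return urlsafe_b64encode(entity_id.encode("utf-8")).decode("ascii")


def backend_resolve_target(target_entity_id):
    """Mirror of the decode step in SAMLBackend.start_auth(): any non-empty
    value taken from the context is assumed to be URL-safe base64.
    A caller that stores the bare entityID hits this assumption."""
    entity_id = None
    if target_entity_id:
        entity_id = urlsafe_b64decode(target_entity_id).decode("utf-8")
    return entity_id


def resolve_target_checked(target_entity_id):
    """Hypothetical defensive variant (not SATOSA's behaviour): decode, but
    fail closed when the value is not base64 or the decoded text does not
    look like an entityID. Returns (entity_id, error)."""
    if not target_entity_id:
        return None, None
    try:
        entity_id = urlsafe_b64decode(target_entity_id).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        return None, f"target is not URL-safe base64: {exc}"
    # entityIDs are absolute URIs; anything else is a mis-encoded value.
    if not entity_id.startswith(("http://", "https://", "urn:")):
        return None, "decoded target does not look like an entityID"
    return entity_id, None


if __name__ == "__main__":
    encoded = encode_target_entity_id(SAMPLE_ENTITY_ID)
    print("round trip:", backend_resolve_target(encoded))
    # Bare entityID in the context: the checked variant reports the problem
    # instead of handing a decoded blob to the backend.
    print("bare value:", resolve_target_checked(SAMPLE_ENTITY_ID))
```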