Hi Scott,
Our ansible configuration can be found here:
https://github.com/SURFscz/SCZ-deploy/tree/master/roles/satosa
The SamlIdp and SAMLMirrorIdp templates are out of sync because the mirror
conf doesn't get the love the normal IdP receives, but apart from jinja
templating magic there's not much difference.
The idea is that satosa-saml-metadata will create IdP metadata for a unique
IdP entityID for each configured IdP on all SAMLbackends or OIDC RP. In our
case the entityID is a concatenation of the [satosa proxy url] + /[backend
module name] + /[base64 encoded IdP entityID] which are also the base for the
endpoints:
entityID="https://proxy.scz-vm.net/md/SamlMirrorIdP.xml/SamlSP/aHR0cHM6Ly9pZHAtdGVzdC5zY3otdm0ubmV0L3NhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocA=="
Location="https://proxy.scz-vm.net/SamlSP/aHR0cHM6Ly9pZHAtdGVzdC5zY3otdm0ubmV0L3NhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocA==/sso/redirect"
I realise our code might differ slightly from upstream because of PR #171 as we
introduced the SAMLMirroredBackend module as well...
YMMV ;)
Regards,
Martin
On Friday, August 24, 2018 6:33:21 PM CEST Scott Koranda wrote:
Hello,
Does anyone have a configuration for the SATOSA SAMLMirrorFrontend they
have working and would be willing to share?
I have working configurations for SAMLFrontend (of course), but I want to
understand what changes for a working SAMLMirrorFrontend.
I am having trouble just understanding it from the code, and I cannot find
any documentation that explains it...
Thanks for your consideration,
Scott K
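
Added example (not part of either mail, and not SATOSA or SCZ-deploy code): the endpoint scheme Martin describes, [proxy url] + /[backend module name] + /[base64 encoded IdP entityID], built and then parsed back into the upstream IdP entityID. The function names, the URL-safe base64 alphabet and the check against a set of known IdPs are assumptions made for this sketch.

```python
import base64
import binascii
from urllib.parse import urlsplit

PROXY = "https://proxy.scz-vm.net"  # proxy base URL as it appears in the mail

def encode_idp(entity_id: str) -> str:
    # Assumption: URL-safe alphabet, so the segment never contains "/" or "+".
    return base64.urlsafe_b64encode(entity_id.encode("utf-8")).decode("ascii")

def mirror_endpoint(backend: str, entity_id: str, suffix: str) -> str:
    # [proxy url] + /[backend module name] + /[base64 IdP entityID] + /[endpoint]
    return f"{PROXY}/{backend}/{encode_idp(entity_id)}/{suffix}"

def resolve_target(url: str, known_idps: set) -> tuple:
    """Return (backend, IdP entityID, endpoint) for a mirrored URL, or raise ValueError."""
    parts = urlsplit(url)
    if f"{parts.scheme}://{parts.netloc}" != PROXY:
        raise ValueError("not a URL of this proxy")
    segments = parts.path.lstrip("/").split("/", 2)
    if len(segments) != 3:
        raise ValueError("expected /backend/base64-entityID/endpoint")
    backend, encoded, endpoint = segments
    try:
        raw = base64.b64decode(encoded, altchars=b"-_", validate=True)
        entity_id = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("segment is not a base64 entityID") from exc
    # The segment comes from the request path, so accept only IdPs
    # the proxy actually has metadata for (hypothetical allowlist).
    if entity_id not in known_idps:
        raise ValueError("unknown IdP entityID")
    return backend, entity_id, endpoint

if __name__ == "__main__":
    # Constructed sample: an entityID whose standard base64 would contain "/".
    idp = "https://idp.example.org/md?x"
    url = mirror_endpoint("SamlSP", idp, "sso/redirect")
    print(url)
    print(resolve_target(url, {idp}))
```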