Hello,

On 3 May 2018 at 17:10, Niels van Dijk <niels.vandijk at surfnet.nl> wrote:
> Hi all (and specifically Ivan as he was committing stuff),
>
> I note a commit mentioning eIDAS integration, however what was committed
> (https://github.com/IdentityPython/SATOSA/commit/a0b7cf9eb73714cef76d6ab7249…)
> seems a bit too little to actually engage with eIDAS. I am for example
Yes. What you need is to define that you are using an eIDAS backend.
So, a configuration would look like:

    module: satosa.backends.saml2.SAMLEIDASBackend

When you do that, some properties will be defined by default, i.e.
want_response_signed will be true, force_authn will be true,
allow_unsolicited will be false, etc.

pysaml2 already includes eIDAS related bits. New options include:
- hide_assertion_consumer_service:
  https://github.com/IdentityPython/pysaml2/blob/master/doc/howto/config.rst#…
- sp_type:
  https://github.com/IdentityPython/pysaml2/blob/master/doc/howto/config.rst#…
- sp_type_in_metadata:
  https://github.com/IdentityPython/pysaml2/blob/master/doc/howto/config.rst#…
- requested_attributes:
  https://github.com/IdentityPython/pysaml2/blob/master/doc/howto/config.rst#…

SATOSA also uses the entityid_endpoint option (automatically set to
true when SAMLEIDASBackend is used). This makes the entityid an
accessible URL.
> not seeing any reference to eIDAS specific SAML extensions. Is all of
> that covered in pySAML? I found this as well
> (https://github.com/grnet/pysaml2eidas/tree/devel), but that does not
> seem to be used by SATOSA?
This repo is not used - it should be removed.

> What would I need to pull together to set up a
> satosa based eIDAS gateway?

- set the module to be SAMLEIDASBackend
- make the entityid an https URL
- configure internal_attributes.yaml to convert eIDAS NaturalPerson or
  LegalPerson attributes to SAML/OIDC/etc

and you should be set.

At GRNET we have a working installation with the eIDAS demo
implementation provided by EU (Java based). That implementation
requires some more things to work out of the box, i.e. a 'country'
property with some value is needed (the demo EU SP node provides a
country selector view) and it seems that only the POST binding is
working.

Try it out ;)

> --
> Niels van Dijk Technical Product Manager Trust & Security
> Mob: +31 651347657 | Skype: cdr-80 | PGP Key ID: 0xDE7BB2F5
> SURFnet BV | PO.Box 19035 | NL-3501 DA Utrecht | The Netherlands
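To make the three steps above concrete, here is an added example (written for this thread, not taken from the SATOSA project or from either poster) of a SATOSA backend plugin file using SAMLEIDASBackend together with a matching internal_attributes.yaml. The base URL https://proxy.example.org, the key, certificate and metadata paths, the plugin file name and the chosen NaturalPerson attribute set are all assumptions; the eIDAS attribute URIs, the pysaml2 option names and the SATOSA layout (module/name/config, sp_config, internal attributes with saml/openid mappings) are standard. The security-relevant defaults the thread mentions (want_response_signed, force_authn, allow_unsolicited) are spelled out explicitly so that a configuration review sees the hardened values rather than relying on the backend's implicit defaults, and only the POST assertion consumer binding is exposed, matching the observation above.

```yaml
# --- File 1: plugins/backends/eidas_backend.yaml (assumed file name) ---
module: satosa.backends.saml2.SAMLEIDASBackend
name: eIDAS
config:
  # entityid_endpoint is set to true automatically by SAMLEIDASBackend;
  # it is repeated here only so the intent is visible in review.
  entityid_endpoint: true
  sp_config:
    # Assumed deployment values; replace with the proxy's own URL and files.
    entityid: https://proxy.example.org/eIDAS/proxy_saml2_backend.xml
    key_file: /etc/satosa/backend.key
    cert_file: /etc/satosa/backend.crt
    service:
      sp:
        # Defaults applied by SAMLEIDASBackend, stated explicitly:
        want_response_signed: true    # reject unsigned responses from the node
        force_authn: true             # always require fresh authentication
        allow_unsolicited: false      # no IdP-initiated (unsolicited) responses
        # eIDAS specific pysaml2 options:
        sp_type: public
        sp_type_in_metadata: true
        hide_assertion_consumer_service: true
        requested_attributes:
          - name: http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier
            friendly_name: PersonIdentifier
            required: true
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
          - name: http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName
            friendly_name: FamilyName
            required: true
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
          - name: http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName
            friendly_name: FirstName
            required: true
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
          - name: http://eidas.europa.eu/attributes/naturalperson/DateOfBirth
            friendly_name: DateOfBirth
            required: true
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
        endpoints:
          # Only the POST binding, since that is the one observed to work.
          assertion_consumer_service:
            - [https://proxy.example.org/eIDAS/acs/post,
               urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST]
    metadata:
      # Assumed path: metadata of the eIDAS node this proxy talks to.
      local:
        - /etc/satosa/eidas-node-metadata.xml
---
# --- File 2: internal_attributes.yaml ---
# Maps the eIDAS NaturalPerson attributes received by the backend to
# SATOSA internal names, and those internal names to what the SAML and
# OIDC frontends release. Internal names are assumptions.
attributes:
  eidas_person_identifier:
    saml:
      - http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier
    openid:
      - sub
  eidas_family_name:
    saml:
      - http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName
      - urn:oid:2.5.4.4          # sn, for SAML frontends
    openid:
      - family_name
  eidas_given_name:
    saml:
      - http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName
      - urn:oid:2.5.4.42         # givenName, for SAML frontends
    openid:
      - given_name
  eidas_date_of_birth:
    saml:
      - http://eidas.europa.eu/attributes/naturalperson/DateOfBirth
    openid:
      - birthdate
```

The two documents are separated by `---` so they can be kept in one place for review; in a deployment they live in the two files named in the comments. LegalPerson attributes would be added the same way under requested_attributes and attributes, using the http://eidas.europa.eu/attributes/legalperson/ namespace.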