Hello Niels,
On Tue, 3 Mar 2020 at 14:40, Niels van Dijk <niels.vandijk at surfnet.nl> wrote:
> Hi all,
> Is there an existing (or planned) implementation of the
> new SAML subject identifiers [1]?
I am not sure what it is that you are looking for in satosa. The
satosa core does not know anything about protocols. The new subject-id
is a SAML concept. PySAML2 can recognise it (see
https://github.com/IdentityPython/pysaml2/commit/6d611b715ca11b2f8250024ba6…)
Having said this, the new identifier takes the form of an attribute.
This means that the saml frontend and backend will translate it to
satosa's internal structure as a key-value under the internal-data
attribute structure (`internal_data.attributes["subject-id"]` and
`internal_data.attributes["pairwise-id"]` will contain the
corresponding values, if those were received).
Same goes for the internal_attributes.yaml configuration, where you
can map to which internal name and claim or SAML-attribute you want to
map the value. You do this by a configuration like so:
```
attributes:
  identifier:
    openid: [sub]
    saml: ["subject-id"]
...
```
I hope this helps.
Cheers,
--
Ivan c00kiemon5ter Kanakarakis >:3
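
Added example, not part of the message above and not SATOSA's own code: a simplified Python model of the name translation that a mapping like the one in the message drives, going one step further by checking received values against the subject-id value syntax from the OASIS profile. The `pairwise_identifier` internal name, the function names and the sample values are assumptions made for illustration.

```python
import re

# Constructed stand-in for internal_attributes.yaml: the mapping from the message
# plus a hypothetical second internal name for pairwise-id.
INTERNAL_ATTRIBUTES = {
    "attributes": {
        "identifier": {"openid": ["sub"], "saml": ["subject-id"]},
        "pairwise_identifier": {"saml": ["pairwise-id"]},
    }
}

# Value syntax from the OASIS subject identifier profile: <unique ID>@<scope>,
# each part 1 to 127 characters and starting with an alphanumeric.
SUBJECT_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9=-]{0,126}@[A-Za-z0-9][A-Za-z0-9.-]{0,126}")


def to_internal(profile, received, config=INTERNAL_ATTRIBUTES):
    """Translate protocol attribute names to internal names; absent ones are skipped."""
    internal = {}
    for internal_name, per_profile in config["attributes"].items():
        for external_name in per_profile.get(profile, []):
            if external_name in received:
                internal[internal_name] = list(received[external_name])
                break
    return internal


def from_internal(profile, internal, config=INTERNAL_ATTRIBUTES):
    """Translate internal names to the first external name configured for the profile."""
    external = {}
    for internal_name, values in internal.items():
        names = config["attributes"].get(internal_name, {}).get(profile, [])
        if names:
            external[names[0]] = list(values)
    return external


def valid_subject_ids(values):
    """Keep syntactically valid values, lower-cased because comparison is case-insensitive."""
    return [v.lower() for v in values if SUBJECT_ID_RE.fullmatch(v)]


if __name__ == "__main__":
    # Constructed sample of attributes a SAML backend might receive.
    received = {"subject-id": ["A1b2C3@example.org"], "mail": ["user@example.org"]}
    internal = to_internal("saml", received)
    print(internal)
    print(from_internal("openid", internal))
    print(valid_subject_ids(internal["identifier"] + ["not a subject id"]))
```

Attributes with no entry in the mapping (here `mail`) do not reach the internal structure, and an internal name with no mapping for the outgoing profile is not released.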