I need to build a SAML2SAML proxy and would like to adopt SaToSa for this project, which
happens to be the Austrian K12 federation. With most IDPs an NREN-like mesh federation
would be a straightforward solution, but there are a few requirements that need a proxy:
(1) The IDP for federal employees needs to see all K12 applications appear as a single SP.
(The use case is commercial, because the IDP is charging per application and per user.)
(2) For some IDPs: Create/update an LDAP user object for a subset of attributes
(3) Add a profile completion flow for first-time users to confirm/modify email addresses
(4) Allow embedded discovery (SHOULD)
(5) Staying compatible with the SaToSa upstream project.
The attached picture shows the options with 1:1 and 1:n mapping of IDPs. Are both
approaches supported by SaToSa? Is it possible to add an interactive flow to the proxy to
update profile data?
- Rainer