Hello Gustavo,

On Thu, 27 Feb 2020 at 14:27, Gustavo Duarte <gus.duarte at gmail.com> wrote:
> Hi Ivan, thank you for your time.
> What's the best way to implement the backend to handle SAML1 or custom API? Through
> a Plugin?

You can do this with a "plugin", but you should think of this more as an
_adapter_. What happens is that Satosa receives a request through one
of its frontends. The frontends implement the IdP/OP-like interfaces.
The frontends extract the useful information and translate the request
to an internal representation. This representation is then translated
back to the outgoing protocol through a backend. The backend gets the
internal data and maps it to the right constructs of the outgoing
protocol. In your case that would be SAML1 or the custom-API you want
to build. So, effectively, the backends are SPs/RPs/clients that talk
to an IdP/OP/server.

The IdP/OP/server will authenticate the user, and then reply by
sending a response. The response is again handled by the backend, but
this time, the backend will extract the useful information and
translate the response to the internal representation. The data are
then handed over to the frontend to form the response in the original
protocol (SAML2 in your case).

So, you can see that the backend is an adapter between the outgoing
protocol (SAML1/custom-API) and the internal representation.

With this in mind, you can start building such a backend. Look at the
base class for the backend, here:
https://github.com/IdentityPython/SATOSA/blob/master/src/satosa/backends/ba…
This is the API you have to fulfil; plus one more function that will
handle the response and is registered along with a route as a callback
in register_endpoints().

You can also see the internal data structure here:
https://github.com/IdentityPython/SATOSA/blob/master/src/satosa/internal.py…

Have a look at the existing backends, and whether a SAML1 SP library
is already out there. I think that will get you started.

Cheers,
--
Ivan c00kiemon5ter Kanakarakis >:3
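
The adapter round trip described in the message above, as an added example that is not part of the original email and is not SATOSA's code. It does not import SATOSA: the class, the dict-based context and internal data, the attribute names and all URLs are stand-in assumptions that only mirror the shape described (start_auth, register_endpoints with a route and callback, and a response handler).

```python
import hmac
import re
import secrets
from urllib.parse import urlencode

# Constructed mapping: custom-API field name -> internal attribute name.
ATTRIBUTE_MAP = {"user_mail": "mail", "full_name": "displayname"}

class CustomApiBackend:
    """Stand-in adapter with the shape the message describes; not SATOSA's base class."""
    def __init__(self, auth_callback_func, base_url, name, api_login_url):
        self.auth_callback_func = auth_callback_func  # hands data back to the frontend
        self.base_url, self.name = base_url, name
        self.api_login_url = api_login_url  # hypothetical upstream login endpoint

    def start_auth(self, context, internal_request):
        """Translate the internal request into the outgoing protocol (a redirect URL here)."""
        nonce = secrets.token_urlsafe(16)
        context["state"] = {"nonce": nonce, "requester": internal_request["requester"]}
        query = urlencode({"state": nonce, "return_to": f"{self.base_url}/{self.name}/response"})
        return f"{self.api_login_url}?{query}"

    def register_endpoints(self):
        """Register the route on which the upstream reply arrives, with its callback."""
        return [(f"^{re.escape(self.name)}/response$", self.handle_response)]

    def handle_response(self, context, api_response):
        """Translate the upstream response into the internal representation."""
        saved = context.pop("state", None)  # one-shot: a replayed reply finds no state
        sent = str(api_response.get("state", ""))
        if saved is None or not hmac.compare_digest(saved["nonce"].encode(), sent.encode()):
            raise ValueError("response does not match a pending request")
        # Only mapped attributes cross into the internal representation.
        attrs = {ATTRIBUTE_MAP[k]: [v] for k, v in api_response["profile"].items()
                 if k in ATTRIBUTE_MAP}
        internal = {"requester": saved["requester"], "subject_id": api_response["user_id"], "attributes": attrs}
        return self.auth_callback_func(context, internal)

def demo():
    """One request/response round trip with constructed data."""
    backend = CustomApiBackend(lambda ctx, data: data, "https://proxy.example",
                               "customapi", "https://api.example/login")
    context = {}
    url = backend.start_auth(context, {"requester": "https://sp.example/metadata"})
    reply = {"state": context["state"]["nonce"], "user_id": "u-1001",
             "profile": {"user_mail": "alice@example.org", "debug_flag": "1"}}
    _route, handler = backend.register_endpoints()[0]
    return url, handler(context, reply)
```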