Hi,
On 20 August 2017 at 00:26, Rainer Hoerbe <rainer at hoerbe.at> wrote:
> In my current saml2saml use case I need to rename an attribute (the IdP's
> principalname to surname). The quickest way seems to be to have a second
> internal_attribute.yml and initialize frontend and backend with different
> settings. However, there might be a more elegant way. Is there already a
> microservice available that would allow me to configure such a conversion?

SATOSA was built to make this scenario easy (SaToSa stands for SAML to
SAML proxy). The backends and frontends have separate configurations,
as seen on the example docs [0][1]. What you need is to specify the
attribute_profile configuration option for each, and configure the
mapping correctly in internal_attributes.yaml.

Example backend configuration:

    module: satosa.backends.saml2.SAMLBackend
    name: Saml2
    config:
      attribute_profile: samlback
      sp_config:
        ...

Example frontend configuration:

    module: satosa.frontends.saml2.SAMLFrontend
    name: Saml2IDP
    config:
      attribute_profile: samlfront
      idp_config:
        ...

Example internal_attributes:

    attributes:
      name:
        samlfront: [principalname]
        samlback: [surname]

[0]: https://github.com/SUNET/SATOSA/blob/master/example/plugins/backends/saml2_…
[1]: https://github.com/SUNET/SATOSA/blob/master/example/plugins/frontends/saml2…

> Cheers, Rainer

Cheers,
--
Ivan Kanakarakis
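
Added example, not part of the message above and not SATOSA's own code: a simplified Python model of the profile-based mapping the reply describes, using the internal_attributes entry from the message. The function names and the sample attribute values are assumptions made for illustration.

```python
# Simplified model of a profile-based attribute mapping (not SATOSA's own code).
# The mapping is the internal_attributes example from the message above.
INTERNAL_ATTRIBUTES = {
    "attributes": {
        "name": {
            "samlfront": ["principalname"],
            "samlback": ["surname"],
        },
    },
}


def to_internal(mapping, profile, external):
    """Translate attributes received under `profile` into internal names."""
    internal = {}
    for internal_name, profiles in mapping["attributes"].items():
        for external_name in profiles.get(profile, []):
            if external_name in external:
                # The first listed external name that is present wins.
                internal[internal_name] = list(external[external_name])
                break
    return internal


def from_internal(mapping, profile, internal):
    """Translate internal names into the names `profile` releases."""
    external = {}
    for internal_name, values in internal.items():
        names = mapping["attributes"].get(internal_name, {}).get(profile, [])
        if names:
            # Release under the first name listed for this profile.
            external[names[0]] = list(values)
    return external


def proxy(mapping, backend_profile, frontend_profile, received):
    """Backend response -> internal representation -> frontend response."""
    internal = to_internal(mapping, backend_profile, received)
    return from_internal(mapping, frontend_profile, internal)


# Constructed sample: attributes as they might arrive at the backend.
RECEIVED = {"surname": ["Doe"], "mail": ["jdoe@example.org"]}

if __name__ == "__main__":
    print(proxy(INTERNAL_ATTRIBUTES, "samlback", "samlfront", RECEIVED))
```

With the mapping as written, a `surname` value arriving under the samlback profile is released as `principalname` under samlfront, and the unmapped `mail` attribute is not passed on in this model.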