[Satosa-dev] Unsolicited SSO

Hey everyone, I am writing a SATOSA front end that implements SAML 2.0 IdP-initiated (unsolicited) SSO. Currently, I plan to generate a SAML AuthnRequest using a request variable (`providerID`) that names the service provider. Eventually, I'd like to implement the same interface as Shibboleth (request variables `shire`, `target`, and `time`) because I'm just not that creative. I have some (well, a lot of) questions: - How do I get a list of SAMLFrontend endpoints? - There could be more than one SAMLFrontend configured. How would I know which one to use? - I don't want to rely on JavaScript or the user to submit a form. Can I send the AuthnRequest to the selected SAMLFrontend's HTTP-Redirect endpoint via satosa.response.Redirect? - Is it OK to omit the RelayState? - In the SAML AuthnRequest, can I specify AssertionConsumerServiceIndex="0"? - If not, how do I look up the SP's AssertionConsumerServiceURL? - In the SAML AuthnRequest, can I omit the Destination? - If not, which endpoint should I set Destination to---HTTP-Redirect or HTTP-POST? - If I construct the redirect URL manually, do I base64-encode the AuthnRequest using Python's base64.urlsafe_b64encode()? - Should I use the urllib or requests library to construct the URL instead? Thanks in advance! :) Best wishes, Matthew -- "The lyf so short, the craft so longe to lerne."