[Satosa-dev] SAML 2.0 to SAML 1 GW

Gustavo Duarte gus.duarte at gmail.com
Tue Mar 3 12:23:01 UTC 2020

Hi Ivan,

Awesome! Your explanation is very clear and helpful.

Thanks!!

On Sat, 29 Feb 2020 at 10:11, Ivan Kanakarakis (<ivan.kanak at gmail.com>) wrote:

> Hello Gustavo,
> On Thu, 27 Feb 2020 at 14:27, Gustavo Duarte <gus.duarte at gmail.com> wrote:
> >
> > Hi Ivan, thank you for your time.
> >
> > What's the best way to implement the backend to handle SAML1 or custom
> > API? Through a Plugin?
>
> You can do this with a "plugin", but you should think of this more as an
> _adapter_. What happens is that Satosa receives a request through one
> of its frontends. The frontends implement the IdP/OP-like interfaces.
> The frontends extract the useful information and translate the request
> to an internal representation. This representation is then translated
> back to the outgoing protocol through a backend. The backend gets the
> internal data and maps it to the right constructs of the outgoing
> protocol. In your case that would be SAML1 or the custom-API you want
> to build. So, effectively, the backends are SPs/RPs/clients that talk
> to an IdP/OP/server.
>
> The IdP/OP/server will authenticate the user, and then reply by
> sending a response. The response is again handled by the backend, but
> this time, the backend will extract the useful information and
> translate the response to the internal representation. The data are
> then handed over to the frontend to form the response in the original
> protocol (SAML2 in your case).
>
> So, you can see that the backend is an adapter between the outgoing
> protocol (SAML1/custom-API) and the internal representation.
>
> With this in mind, you can start building such a backend. Look at the
> base class for the backend, here:
> https://github.com/IdentityPython/SATOSA/blob/master/src/satosa/backends/base.py
>
> This is the API you have to fulfil; plus one more function that will
> handle the response and is registered along with a route as a callback
> in register_endpoints().
>
> You can also see the internal data structure here:
> https://github.com/IdentityPython/SATOSA/blob/master/src/satosa/internal.py#L107
>
> Have a look at the existing backends, and whether a SAML1 SP library
> is already out there. I think that will get you started.
>
> Cheers,
> --
> Ivan c00kiemon5ter Kanakarakis  >:3
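
The adapter flow described in the quoted reply, as an added sketch that is not part of the original thread and is not SATOSA's own code. It uses plain dicts as stand-ins for the context and the internal data; the class name, upstream URL, attribute names and the request/response state check are assumptions, and the real interface is the base class linked above.

```python
import hmac
import re
import secrets
from urllib.parse import urlencode

class CustomApiBackend:
    """Hypothetical backend: internal request -> custom API -> internal data."""

    def __init__(self, auth_callback, attribute_map, base_url, name):
        self.auth_callback = auth_callback   # hands the result back towards the frontend
        self.attribute_map = attribute_map   # upstream attribute name -> internal name
        self.base_url, self.name = base_url, name

    def start_auth(self, context, internal_request):
        # Bind the outgoing request to this session so the response can be matched.
        # internal_request would carry the frontend's translated request; unused here.
        context["state"][self.name] = secrets.token_urlsafe(16)
        query = urlencode({"state": context["state"][self.name],
                           "return": f"{self.base_url}/{self.name}/response"})
        return f"https://idp.example.org/login?{query}"  # constructed upstream URL

    def register_endpoints(self):
        # (route regex, callback) pairs: where the upstream server sends its response.
        return [(f"^{re.escape(self.name)}/response$", self.handle_response)]

    def handle_response(self, context):
        expected = context["state"].pop(self.name, None)  # single use: replays fail
        received = context["request"].get("state", "")
        if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
            raise ValueError("response does not match a request this backend started")
        # Keep only mapped attributes; anything else sent by upstream is dropped.
        attributes = {internal: context["request"][external]
                      for external, internal in self.attribute_map.items()
                      if external in context["request"]}
        internal_data = {"subject_id": context["request"]["user"],
                         "attributes": attributes, "issuer": self.name}
        return self.auth_callback(context, internal_data)

def demo():
    backend = CustomApiBackend(lambda ctx, data: data, {"mail": "mail"},
                               "https://proxy.example.org", "customapi")
    context = {"state": {}, "request": {}}
    redirect = backend.start_auth(context, internal_request={})
    route, callback = backend.register_endpoints()[0]
    # Constructed upstream response: echoes the state and adds an unmapped attribute.
    context["request"] = {"state": context["state"]["customapi"], "user": "u123",
                          "mail": "gus@example.org", "isAdmin": "true"}
    return redirect, route, callback(context)
```
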