[Satosa-dev] SaToSa support for new SAML subject identifiers
Ivan Kanakarakis
ivan.kanak at gmail.com
Tue Mar 3 13:29:03 UTC 2020
Hello Niels,
On Tue, 3 Mar 2020 at 14:40, Niels van Dijk <niels.vandijk at surfnet.nl> wrote:
>
> Hi all,
>
> Is there an existing implementation (or planned) implementation of the
> new SAML subject identifiers [1] ?
>
I am not sure what it is that you are looking for in satosa. The
satosa core does not know anything about protocols. The new subject-id
is a SAML concept. PySAML2 can recognise it (see
https://github.com/IdentityPython/pysaml2/commit/6d611b715ca11b2f8250024ba6a8d6f3377609a3).
Having said this, the new identifier takes the form of an attribute.
This means that the saml frontend and backend will translate it to
satosa's internal structure as a key-value under the internal-data
attribute structure (`internal_data.attributes["subject-id"]` and
`internal_data.attributes["pairwise-id"]` will contain the
corresponding values, if those were received).
Same goes for the internal_attributes.yaml configuration, where you
can map to which internal name and claim or SAML-attribute you want to
map the value. You do this by a configuration like so
```
attributes:
  identifier:
    openid: [sub]
    saml: ["subject-id"]
  ...
```
I hope this helps.
Cheers,
--
Ivan c00kiemon5ter Kanakarakis >:3
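As an added illustration (not SATOSA's or pysaml2's own code), the Python below applies a mapping shaped like the internal_attributes.yaml fragment above to a constructed set of SAML attributes and maps the result back out to OIDC claim names; the mapping dict, sample values and function names are assumptions, and the scoped-id check follows the uniqueid@scope form that the SAML subject identifier profile prescribes.

```python
import re
from typing import Dict, List

# Constructed mapping in the shape of the internal_attributes.yaml
# fragment: internal name -> {protocol: [attribute or claim names]}.
INTERNAL_ATTRIBUTES = {
    "attributes": {
        "identifier": {"openid": ["sub"], "saml": ["subject-id"]},
        "mail": {"openid": ["email"], "saml": ["mail"]},
    }
}

# subject-id and pairwise-id values are scoped strings: uniqueid@scope
_SCOPED_ID = re.compile(r"^[A-Za-z0-9=-]{1,127}@[A-Za-z0-9.-]+$")


def is_scoped_id(value: str) -> bool:
    return bool(_SCOPED_ID.match(value))


def to_internal(proto: str, received: Dict[str, List[str]],
                config=INTERNAL_ATTRIBUTES) -> Dict[str, List[str]]:
    """Translate attributes received on `proto` to internal names.
    Unmapped attributes (here: pairwise-id) are dropped, and the
    identifier is kept only if every value has the uniqueid@scope shape."""
    internal: Dict[str, List[str]] = {}
    for name, by_proto in config["attributes"].items():
        for ext in by_proto.get(proto, []):
            values = received.get(ext)
            if not values:
                continue
            if name == "identifier" and not all(is_scoped_id(v) for v in values):
                break  # malformed identifier: refuse rather than pass it on
            internal[name] = list(values)
            break  # first configured name that is present wins
    return internal


def from_internal(proto: str, internal: Dict[str, List[str]],
                  config=INTERNAL_ATTRIBUTES) -> Dict[str, List[str]]:
    """Translate internal attributes to the names `proto` expects."""
    out: Dict[str, List[str]] = {}
    for name, values in internal.items():
        for ext in config["attributes"].get(name, {}).get(proto, []):
            out.setdefault(ext, []).extend(values)
    return out


# Constructed sample of what a SAML backend might receive in an assertion.
SAML_ATTRS = {
    "subject-id": ["a7b3c=d@example.org"],
    "pairwise-id": ["q9x-1@example.org"],
    "mail": ["alice@example.org"],
}
```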