Ivan,
Thank you for your help, this was very useful.
On 20.08.2017 at 00:16, Ivan Kanakarakis
<ivan at grnet.gr> wrote:
SATOSA was built to make this scenario easy (SaToSa stands for SAML to
SAML proxy). The backends and frontends have separate configurations,
as seen on the example docs [0][1].
Currently examples or docs do not show separate configurations for the attribute mapping.
I will create a PR once I get this running.
What you need is to specify the
attribute_profile configuration option for each, and configure the
mapping correctly in internal_attributes.yaml
Example backend configuration:

    module: satosa.backends.saml2.SAMLBackend
    name: Saml2
    config:
      attribute_profile: samlback
      sp_config:
        ...

Example frontend configuration:

    module: satosa.frontends.saml2.SAMLFrontend
    name: Saml2IDP
    config:
      attribute_profile: samlfront
      idp_config:
        ...

Example internal_attributes:

    attributes:
      name:
        samlfront: [principalname]
        samlback: [surname]

The default name ‚saml‘ is not a correct label for an attribute profile, as SAML (and even
saml2int) does not prescribe any attribute names. Examples should be refactored to
something like ‚eduPerson‘.
Best regards
Rainer
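
The per-profile mapping discussed in this thread, as an added example that is not part of the original messages and is not SATOSA's own code: a simplified model of how an attribute passes from the backend profile through the internal name to the frontend profile. The function names, the sample attributes and the "first name with a value wins" rule are assumptions made for illustration.

```python
# Added illustration: simplified model of per-profile attribute mapping.
# Not SATOSA code; to_internal/from_internal/proxy are hypothetical names.

# The internal_attributes mapping from the message above, as a Python dict.
INTERNAL_ATTRIBUTES = {
    "attributes": {
        "name": {
            "samlfront": ["principalname"],
            "samlback": ["surname"],
        }
    }
}


def to_internal(profile, external, mapping=INTERNAL_ATTRIBUTES):
    """Map attributes received under `profile` to internal names."""
    internal = {}
    for internal_name, profiles in mapping["attributes"].items():
        for external_name in profiles.get(profile, []):
            if external_name in external:
                internal[internal_name] = list(external[external_name])
                break  # assumption: first external name with a value wins
    return internal


def from_internal(profile, internal, mapping=INTERNAL_ATTRIBUTES):
    """Map internal attributes to the names released under `profile`."""
    released = {}
    for internal_name, values in internal.items():
        names = mapping["attributes"].get(internal_name, {}).get(profile)
        if names:  # no entry for this profile: attribute is not released
            released[names[0]] = list(values)
    return released


def proxy(backend_profile, frontend_profile, assertion_attributes):
    """Backend profile -> internal names -> frontend profile."""
    internal = to_internal(backend_profile, assertion_attributes)
    return from_internal(frontend_profile, internal)


# Constructed sample attributes, standing in for an upstream IdP assertion.
SAMPLE = {"surname": ["Doe"], "mail": ["jdoe@example.org"]}

if __name__ == "__main__":
    print(proxy("samlback", "samlfront", SAMPLE))  # matching profiles
    print(proxy("saml", "samlfront", SAMPLE))      # profile label mismatch
```

In this model an attribute with no entry in the mapping (here `mail`) is dropped, and a backend whose `attribute_profile` label does not match any key in the mapping releases nothing.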