10:16 p.m.
Hi,
On 20 August 2017 at 00:26, Rainer Hoerbe <rainer at hoerbe.at> wrote:
In my current saml2saml use case I need to rename an
attribute (the IPD’s
principalname to surname). The quickest way for seems to be to have a second
internal_attribute.yml and initialize frontend and backend with different
setting. However, there might be a more elegant way. Is there already a
microservice available that would allow me to configure such a conversion?
SATOSA was build to make this scenario easy (SaToSa stands for SAML to
SAML proxy). The backends and frontends have separate configurations,
as seen on the example docs [0][1]. What you need is to specify the
attribute_profile configuration option for each, and configure the
mapping correctly in internal_attributes.yaml
Example backend configuration:
module: satosa.backends.saml2.SAMLBackend
name: Saml2
config:
attribute_profile: samlback
sp_config:
...
Example frontend configuration:
module: satosa.frontends.saml2.SAMLFrontend
name: Saml2IDP
config:
attribute_profile: samlfront
idp_config:
...
Example internal_attributes
attributes:
name:
samlfront: [principalname]
samlback: [surname]
[0]:
https://github.com/SUNET/SATOSA/blob/master/example/plugins/backends/saml2_…
[1]:
https://github.com/SUNET/SATOSA/blob/master/example/plugins/frontends/saml2…
Cheers, Rainer
Cheers,
--
Ivan Kanakarakis
7:22 p.m.
Ivan,
Thank you for your help, this was very useful.
Am 20.08.2017 um 00:16 schrieb Ivan Kanakarakis
<ivan at grnet.gr>:
SATOSA was build to make this scenario easy (SaToSa stands for SAML to
SAML proxy). The backends and frontends have separate configurations,
as seen on the example docs [0][1].
Currently examples or docs do not show separate configurations for the attribute mapping.
I will create a PR once I get this running.
What you need is to specify the
attribute_profile configuration option for each, and configure the
mapping correctly in internal_attributes.yaml
Example backend configuration:
module: satosa.backends.saml2.SAMLBackend
name: Saml2
config:
attribute_profile: samlback
sp_config:
...
Example frontend configuration:
module: satosa.frontends.saml2.SAMLFrontend
name: Saml2IDP
config:
attribute_profile: samlfront
idp_config:
...
Example internal_attributes
attributes:
name:
samlfront: [principalname]
samlback: [surname]
The default name ‚saml‘ is not a correct label for an attribute profile, as SAML (and even
saml2int) does not prescribe any attribute names. Examples should be refactored to
something like ‚eduPerson‘.
Best regards
Rainer
2462
days inactive
2463
days old
1 comments
2 participants
participants (2)
-
ivan@grnet.gr -
rainer@hoerbe.at