We have to send assertions with emailAddress NameIDs. This is for a SAML
frontend and OIDC backend. For now I'm using locally patched code, but I'd
prefer not to do that.
I see a pull request (#137) that suggests it would provide the capability.
It seems to be inactive. Is there any chance of it getting merged?
Thanks,
Jim Fox
Univ. of Washington
Hi,
If you are not using the LDAP attribute store microservice for SATOSA
then this note does not concern you. Otherwise please read on...
An updated SATOSA LDAP attribute store microservice with LDAP
connection pooling will be merged today into the satosa_microservices GitHub
repository at
https://github.com/IdentityPython/satosa_microservices
Note that this is NOT the SATOSA repository. Microservices are being
migrated to a new repository and will only be removed from the main
SATOSA repository as part of the next major SATOSA release. New
development for the microservices, however, is primarily taking place in
the new microservices repository.
The updated LDAP attribute store microservice has new functionality AND
a breaking configuration change.
The new functionality is LDAP connection pooling, which provides
substantially better throughput performance as you would expect.
The breaking configuration change is a result of harmonizing the way
microservices are configured, particularly with respect to default
configurations versus per-SP overrides. See the example configuration at
https://github.com/IdentityPython/satosa_microservices/blob/master/example/…
for details. In short, the default configuration must now be labeled as
such using "" or "default". Per-SP overrides remain the same.
Please let me know if you have any questions or concerns.
Thanks,
Scott K
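The configuration change described above (a default block that must be labeled "" or "default", with other top-level keys treated as per-SP overrides) can be modeled as follows. This is an added example, not code from satosa_microservices or SATOSA: the setting names (ldap_url, search_base, pool_size) are illustrative rather than the microservice's schema, and the merge rule (per-SP keys win over default keys, everything else inherited from the default) is an assumption about how the harmonized layout is resolved.

```python
"""Resolve the effective per-SP configuration for a SATOSA-style microservice.

Added example, not code from satosa_microservices. It models the harmonized
layout described in the announcement: the default block is keyed "" or
"default", and every other top-level key is an SP entityID whose block
overrides the default. The merge semantics are an assumption.
"""
import copy

DEFAULT_KEYS = ("", "default")


def config_errors(config):
    """Return a list of problems with the top-level layout (empty if OK)."""
    errors = []
    defaults = [k for k in config if k in DEFAULT_KEYS]
    if not defaults:
        # The breaking change: an unlabeled default block is no longer
        # recognised, so a pre-change config fails here instead of silently
        # treating its top-level settings as per-SP entries.
        errors.append('no default block: label it "" or "default"')
    elif len(defaults) > 1:
        errors.append('both "" and "default" present; use exactly one')
    for key, block in config.items():
        if not isinstance(block, dict):
            errors.append(f"top-level key {key!r} must map to a block of settings")
    return errors


def effective_config(config, sp_entity_id):
    """Default block with the SP's override block (if any) merged on top."""
    errors = config_errors(config)
    if errors:
        raise ValueError("; ".join(errors))
    default_key = next(k for k in config if k in DEFAULT_KEYS)
    merged = copy.deepcopy(config[default_key])
    merged.update(copy.deepcopy(config.get(sp_entity_id, {})))
    return merged


# Constructed sample config; setting names are illustrative only.
SAMPLE_CONFIG = {
    "default": {
        "ldap_url": "ldaps://ldap.example.org",
        "search_base": "ou=people,dc=example,dc=org",
        "pool_size": 10,
    },
    # Per-SP override keyed by the SP entityID: only search_base changes.
    "https://sp.example.edu/shibboleth": {
        "search_base": "ou=students,dc=example,dc=org",
    },
}

# Constructed config with settings at the top level and no labeled default:
# rejected under the new layout.
UNLABELED_CONFIG = {
    "ldap_url": "ldaps://ldap.example.org",
    "search_base": "ou=people,dc=example,dc=org",
    "https://sp.example.edu/shibboleth": {
        "search_base": "ou=students,dc=example,dc=org",
    },
}

if __name__ == "__main__":
    print(effective_config(SAMPLE_CONFIG, "https://sp.example.edu/shibboleth"))
    print(config_errors(UNLABELED_CONFIG))
```

The check in config_errors is the part worth keeping when migrating: failing loudly on a config that lacks a labeled default is preferable to an LDAP lookup that quietly runs with an empty default block.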
Hi,
I would like SATOSA to receive a SAML assertion from an IdP and check
for a configured set of asserted attributes such as the REFEDS R&S
bundle. If the configured set of asserted attributes is not present
then SATOSA should redirect the browser to an external "error page" to
manage the situation.
I do not see an existing SATOSA microservice that can implement that
requirement. Am I correct?
The primary_identifier microservice can do that for a single identifier
but not for a set of attributes.
If no such microservice (or combination of microservices) can do that
today, I will probably proceed with writing such a microservice. If you
want to provide input on the requirements and/or design, please let me know.
Thanks,
Scott K
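The check described in the message above, expressed as an added example rather than any existing SATOSA microservice: a required-attribute bundle modeled as alternatives (the REFEDS R&S bundle here), a function that reports which requirements an incoming attribute set fails, and a function that builds the URL of an external error page to redirect to. The attribute names are SAML friendlyNames; the names SATOSA exposes internally depend on its attribute mapping, so they are an assumption, as is the error page's query-string format. Wiring this into a SATOSA ResponseMicroService (returning a satosa.response.Redirect from process()) is left out so the block runs stand-alone.

```python
"""Check an asserted attribute set against a required bundle.

Added example, not an existing SATOSA microservice. Attribute names are
SAML friendlyNames (assumption: SATOSA's internal names may differ).
"""
from urllib.parse import urlencode

# REFEDS R&S bundle as requirements, each satisfied by ANY listed alternative;
# an alternative is a tuple of attributes that must ALL be present.
# eduPersonTargetedID is additionally required where ePPN may be reassigned,
# which cannot be detected from the assertion itself, so it is not modeled.
# eduPersonScopedAffiliation is optional in R&S and therefore not required.
RS_BUNDLE = {
    "identifier": [("eduPersonPrincipalName",)],
    "name": [("displayName",), ("givenName", "sn")],
    "email": [("mail",)],
}


def _present(attributes, name):
    """True if the attribute exists and carries at least one non-empty value."""
    values = attributes.get(name)
    if values is None:
        return False
    if isinstance(values, (list, tuple)):
        return any(v not in (None, "") for v in values)
    return values != ""


def missing_requirements(attributes, bundle=RS_BUNDLE):
    """Names of bundle requirements that no alternative satisfies."""
    return [
        req
        for req, alternatives in bundle.items()
        if not any(all(_present(attributes, a) for a in alt) for alt in alternatives)
    ]


def error_redirect_url(error_page, missing, idp_entity_id=None):
    """Build the external error-page URL (query format is an assumption)."""
    params = {"missing": ",".join(missing)}
    if idp_entity_id:
        params["idp"] = idp_entity_id
    separator = "&" if "?" in error_page else "?"
    return error_page + separator + urlencode(params)


def check_assertion(attributes, error_page, idp_entity_id=None, bundle=RS_BUNDLE):
    """Return None if the bundle is satisfied, else the URL to redirect to."""
    missing = missing_requirements(attributes, bundle)
    if not missing:
        return None
    return error_redirect_url(error_page, missing, idp_entity_id)


# Constructed sample attribute sets in SATOSA's dict-of-lists shape.
FULL_ATTRS = {
    "eduPersonPrincipalName": ["jdoe@example.edu"],
    "displayName": ["Jane Doe"],
    "mail": ["jdoe@example.edu"],
}
PARTIAL_ATTRS = {
    "eduPersonPrincipalName": ["jdoe@example.edu"],
    "givenName": ["Jane"],      # sn absent, so the name requirement fails
    "mail": [""],               # present but empty, treated as missing
}

if __name__ == "__main__":
    page = "https://error.example.edu/missing-attributes"
    print(check_assertion(FULL_ATTRS, page))
    print(check_assertion(PARTIAL_ATTRS, page, "https://idp.example.edu/idp"))
```

Treating an attribute with only empty values as absent matters in practice: an IdP that releases mail with an empty value would otherwise pass the check and the downstream SP would fail later with a less useful error.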