Good morning,

Thank you for all the details: from a theoretical point of view, it is clearer 🙂

Yes, I'm in France, but the company is based in Luxembourg: I just used my personal e-mail address to post to this mailing list 🙂

About Keycloak:
  - unfortunately I have no other choice for the moment: it is in place
  - but if you have a better open-source tool to recommend, I can check/test it and discuss with the developers to see if we can replace Keycloak if this tool is better for us 😉

Just a question about https://seamlessaccess.org/ : is it an intermediary to add to the chain?
If yes, what is the right chain:
  1. Keycloak -> Satosa -> SeamlessAccess -> Edugain?
  2. Keycloak -> SeamlessAccess -> Edugain?
Thank you very much 🙂

Bertrand


From: Peter Schober <peter.schober@univie.ac.at>
Sent: Monday, 30 January 2023 16:54
To: satosa-users@lists.sunet.se <satosa-users@lists.sunet.se>
Subject: [satosa-users] Re: Help to implement Satosa + Keycloak + Edugain
 
* U W <poubelle1430531@hotmail.fr> [2023-01-30 15:53]:
> Therefore, if I want to accept Edugain it means I have to import one
> by one each Edugain Federation and our end users have to choose the
> right one in a list.

As to the UI/UX part of that statement: Your end users would not
generally choose "the right" federation from the list of currently 78
eduGAIN participating federations, they would have to pick their
institutional SAML IDP (from the list of currently 5239 SAML IDPs) --
no matter which federation that IDP may be a part of.

So your SAML SP and/or its SAML IDP Discovery Service will need to be
fit to deal with potentially thousands of IDPs, not merely with dozens
of eduGAIN-participating federations.

To get a nice UI/UX for that IDP selection process you could use
https://seamlessaccess.org/ though.

HTH,
-peter