12:50 a.m.
Hello Jonathan,
The SAMLFrontend acts as the SAML2 IdP interface of the proxy. The
interface acts as a single IdP.
The SAMLVirtualCoFrontend, where "Co" stands for Collaboration, acts
again as the IdP interface of the proxy, but this time it is used to
virtualize multiple IdPs each with their own entityID and some
metadata information. Internally the defined virtual IdPs can be used
in a uniform way, and forward the requests to a system that handles
user identities regardless of the proxy virtual-IdP that was invoked.
It's probably easier to think of it the other way around; an IdP
(single system) holds identities for users but they need to be grouped
into collaborations (teams), to do that the SAMLVirtualCoFrontend
allows you to virtualize those teams as separate IdPs.
I hope this clears things up a bit.
Cheers,
On Mon, 3 Aug 2020 at 20:28, Jonathan Newell
<JonathanANewell at hotmail.com> wrote:
Hello SatoSa list!
This is my first post as I am just getting started with SatoSa. Thanks to all for making
it possible. I love it so far, the code and semantics are very clean!
Question: It seems that I can configure SAMLFrontend and SAMLVirtualCoFrontend to both
operate correctly in my topology ( 1 or many SP => 1 IdP. OR 1 SP=> many IdP ) as
such I am uncertain of which module would be best to use.
Can someone in the community tell me why I would want to use one module over the other?
I think I must be missing some functional capabilities afforded by one but not the other.
TIA
-Jonathan
+++
_______________________________________________
satosa-users mailing list
satosa-users at lists.sunet.se
https://lists.sunet.se/listinfo/satosa-users
--
Ivan c00kiemon5ter Kanakarakis >:3