Hello,
I'm currently trying to set up SATOSA as a proxy with a SAML2 backend and an OIDC
frontend as I have a few apps that only support OIDC connect, but not SAML.
Following the doc
https://github.com/IdentityPython/SATOSA/blob/master/doc/saml2-to-oidc.md I created the
necessary config files, but I can't make much sense out of the configuration
parameters as
https://github.com/IdentityPython/SATOSA/blob/master/doc/README.md#proxy_co… only
describes a few of them and only on a very high level.
Most importantly:
- are <base_url> and <name> actual (auto-populated?) variables or do I have to
replace them? base_url may be obvious (BASE from proxy_conf.yaml?) but what is
"name"?
- am I really supposed to generate the metadata manually using
https://github.com/IdentityPython/SATOSA/blob/master/doc/README.md#saml_met… or is
that achieved automatically by "entityid_endpoint: true" already? If not, where
does the resulting file need to be put and referenced?
- with "entityid_endpoint: true" and "entityid:
'<base_url>/<name>/metadata'" configured shouldn't I be able
to download the SP metadata from this very URL? This doesn't seem to work for me (but
may be related to Q1) as I'm only getting "The Service or Identity Provider you
requested could not be found." (with various variations of name being "app"
or "sp")
- which backend endpoints are actually needed for a simple saml2-to-oidc use case?
Reading through the mailing list I have only seen some known issues when connecting to
Shibboleth as IdP. Are there also known issues or recommended configuration parameters
when connecting to a SimpleSAMLphp IdP?
Thanks for any pointers!
Chris