Hi,
Comments inline below:
> We've been setting up SATOSA as a proxy that uses the SAML 2.0 backend to
> authenticate against a SAML federation, and provides authentication via the
> OpenID Connect frontend.
>
> We've successfully managed to map attributes from the SAML side to scopes on
> the OIDC side.
>
> However, to qualify these attributes, it seems sensible to also check the
> SAML entity ID of the IdP that made the assertions.
>
> How can we expose the entity ID of the IdP asserting the identity of the
> user on the OIDC side?
I assume you are asking how to access the entityID of the IdP
asserting the identity within a SATOSA response microservice.
A SATOSA response microservice receives two arguments when it is
invoked. The second argument contains a data structure. You can obtain
the entityID of the authenticating IdP at
data.auth_info.issuer
See the LDAP attribute store microservice, line 408, as an example:
https://github.com/IdentityPython/SATOSA/blob/master/src/satosa/micro_servi…
Another example is the Attribute Modifications response microservice,
line 35:
https://github.com/IdentityPython/SATOSA/blob/master/src/satosa/micro_servi…
HTH,
Scott
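For readers who want the complete microservice rather than just the attribute path, here is an added example of a response microservice that copies data.auth_info.issuer into an internal attribute and optionally refuses attributes from IdPs outside an allow-list. It is example code written for this thread, not code from Scott or from the SATOSA project; the class name, the config keys (attribute_name, allowed_issuers) and the default attribute name idp_entity_id are all chosen here. The only SATOSA API it relies on is the ResponseMicroService base class with its process(context, data) / super().process(...) chaining shown in the linked microservices. When the satosa package is not installed, a small stand-in with the same shape is constructed so the file runs offline; the sample data passed to run_example is likewise constructed.

```python
"""Expose the asserting IdP's entityID to later stages of the SATOSA pipeline.

Added example for this thread; not SATOSA's own code. The stand-in base class
and the sample InternalData objects below are constructed so it runs offline.
"""
import types

try:
    from satosa.micro_services.base import ResponseMicroService
except ImportError:  # stand-in: same constructor and process()/next chaining shape
    class ResponseMicroService:
        def __init__(self, *args, **kwargs):
            self.name = kwargs.get("name", "")
            self.next = None

        def process(self, context, data):
            return self.next(context, data)


class IssuerToAttribute(ResponseMicroService):
    """Copy data.auth_info.issuer into data.attributes under a configured name.

    Config keys (names chosen for this example, not a SATOSA convention):
      attribute_name:  internal attribute to write (default "idp_entity_id")
      allowed_issuers: optional list of entityIDs; when given and the issuer
                       is not listed, every other attribute is dropped so the
                       frontend never releases claims from an unexpected IdP.
    """

    def __init__(self, config, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.attribute_name = config.get("attribute_name", "idp_entity_id")
        self.allowed_issuers = config.get("allowed_issuers")

    def process(self, context, data):
        # auth_info.issuer is filled in by the backend from the assertion it
        # accepted, so it is a sounder basis for policy than attribute values.
        issuer = data.auth_info.issuer
        if not issuer:
            # Fail closed: without an issuer nothing here can be qualified.
            raise ValueError("auth_info.issuer is empty; refusing to continue")

        # Internal attribute values in SATOSA are lists of strings.
        data.attributes[self.attribute_name] = [issuer]

        if self.allowed_issuers is not None and issuer not in self.allowed_issuers:
            # Keep only the issuer so the relying party can see why it got nothing.
            data.attributes = {self.attribute_name: [issuer]}

        return super().process(context, data)


def run_example(issuer, attributes, config):
    """Run the microservice over constructed InternalData and return the
    resulting attributes dict. The chain is terminated locally by a `next`
    that simply hands the data back."""
    svc = IssuerToAttribute(config, name="issuer_to_attribute",
                            base_url="https://proxy.example")
    svc.next = lambda context, data: data  # end of chain for this example
    data = types.SimpleNamespace(
        auth_info=types.SimpleNamespace(issuer=issuer),
        attributes=dict(attributes),
    )
    return svc.process(None, data).attributes


if __name__ == "__main__":
    print(run_example("https://idp.example.edu/idp/shibboleth",
                      {"mail": ["user@example.edu"]}, {}))
    print(run_example("https://idp.example.edu/idp/shibboleth",
                      {"mail": ["user@example.edu"]},
                      {"allowed_issuers": ["https://other.example.org/idp"]}))
```

To use it, register the class in the proxy's microservice configuration like the linked microservices, and map the new internal attribute (idp_entity_id by default here) to a claim in the OIDC frontend's attribute mapping; until that mapping exists the value reaches the frontend but is not released to the relying party.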