saml-to-saml

one-to-many

  1. The service provider sends a request to the proxy instance. The service provider only knows about the proxy and none of the actual identity providers.
  2. The proxy redirects the user to the discovery service.
  3. The entity ID of the identity provider selected by the user is returned to the proxy.
  4. The proxy sends the authentication request, and when it is completed the user is redirected back to the proxy.
  5. The response returned from the identity provider is returned to the service provider.

many-to-one

  1. The service provider sends a request to the proxy.
  2. The proxy communicates with the identity provider, which normally can't talk to the service provider. A reason for this could be that it can't handle multiple entity IDs or that they are not really compatible.
  3. The identity provider returns a response containing the user information.
  4. The proxy returns the response to the service provider.

Installation

After following the installation instructions, configure the proxy with a SAML2 frontend and a SAML2 backend.

Configuration

  1. Copy the necessary base configurations from the <satosa_path>/example directory:

    mkdir -p saml2-saml2/plugins
    cp example/{proxy_conf.yaml.example,internal_attributes.yaml.example} saml2-saml2/
    cp example/plugins/frontends/saml2_frontend.yaml.example saml2-saml2/plugins/
    cp example/plugins/backends/saml2_backend.yaml.example saml2-saml2/plugins/

  2. Configure the proxy:

     1. Rename proxy_conf.yaml.example to proxy_conf.yaml:

            mv proxy_conf.yaml.example proxy_conf.yaml

     2. Edit the necessary proxy configuration parameters; see the SATOSA proxy configuration section of the proxy configuration instructions for more information. To specify the necessary plugins, make sure to include the following configuration parameter values:

            BACKEND_MODULES:
              - saml2-saml2/plugins/saml2_backend.yaml
            FRONTEND_MODULES:
              - saml2-saml2/plugins/saml2_frontend.yaml

  3. Configure the attribute mapping:

     1. Rename internal_attributes.yaml.example to internal_attributes.yaml:

            mv internal_attributes.yaml.example internal_attributes.yaml

     2. Map the necessary attributes; see the Attribute mapping configuration section of the proxy configuration instructions for more information.

  4. Configure the plugins:

     1. Rename plugins/saml2_frontend.yaml.example to plugins/saml2_frontend.yaml and plugins/saml2_backend.yaml.example to plugins/saml2_backend.yaml:

            mv plugins/saml2_frontend.yaml.example plugins/saml2_frontend.yaml
            mv plugins/saml2_backend.yaml.example plugins/saml2_backend.yaml

     2. Specify the necessary configuration parameters; see the Plugins section of the proxy configuration instructions for more information.

  5. Generate the SAML metadata; see the SAML metadata section of the proxy configuration instructions for more information.
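
A pre-flight check for the layout these steps produce, as an added example that is not part of SATOSA or of the original page: it confirms that every copied `.example` file was renamed and that `proxy_conf.yaml` lists the renamed frontend and backend plugin files. The function names `modules_under` and `check_saml2_layout` are hypothetical, and the script assumes the `saml2-saml2/` directory and the block-style `BACKEND_MODULES`/`FRONTEND_MODULES` lists shown above.

```shell
#!/bin/sh
# Added example, not SATOSA code: pre-flight check for the saml2-saml2/ layout
# produced by the configuration steps. Function names are hypothetical.
# Usage: check_saml2_layout saml2-saml2

# Print the "- item" entries under top-level key $2 of YAML file $1.
# Assumes the block-style list shown on this page, not flow style ([a, b]).
modules_under() {
    [ -f "$1" ] || return 0
    awk -v key="$2:" '
        /^[^ \t]/ && $1 == key { inside = 1; next }
        inside && /^[ \t]*-[ \t]+/ {
            sub(/^[ \t]*-[ \t]+/, "")          # drop the list marker
            gsub(/["\047]|[ \t]+$/, "")        # drop quotes and trailing blanks
            print; next
        }
        inside && /^[^ \t#]/ { inside = 0 }    # next top-level key ends the list
    ' "$1"
}

# Print one line per problem found under directory $1; return 1 if any.
check_saml2_layout() {
    dir=${1:-saml2-saml2}
    rc=0
    # Every *.yaml.example copied in step 1 must have been renamed.
    for f in proxy_conf.yaml internal_attributes.yaml \
             plugins/saml2_frontend.yaml plugins/saml2_backend.yaml; do
        [ -f "$dir/$f" ] || { echo "missing file: $f"; rc=1; }
    done
    # proxy_conf.yaml must reference the renamed plugin files.
    for pair in BACKEND_MODULES=saml2_backend.yaml \
                FRONTEND_MODULES=saml2_frontend.yaml; do
        key=${pair%%=*}
        plugin=${pair#*=}
        entries=$(modules_under "$dir/proxy_conf.yaml" "$key")
        case $entries in
            *.example*) echo "$key still points at a .example file"; rc=1 ;;
        esac
        printf '%s\n' "$entries" | grep -q "plugins/$plugin\$" ||
            { echo "$key does not list plugins/$plugin"; rc=1; }
    done
    return "$rc"
}
```
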

Run

  1. Start the proxy application; see the Running the proxy application section of the proxy configuration instructions for more information.