SATOSA
Proxy translating between different authentication protocols (SAML2, OpenID Connect and OAuth2)
Use Case: see issue #218 Or: a pair of request/response microservices need to share state via a cookie. Currently, the cookie name needs to be hard coded or configured twice....
It would be awesome if SATOSA could proxy WS-Trust / WS-Federation requests.
During the setup of a rocket chat server fronted by satosa (SAML2SAML) I encountered various configuration errors, like a certificate problem with the metadata, clock drag and incorrect metadata registration....
frontend and backend saml plugins specify endpoints in different and inconsistent ways
When the DecideIfRequesterIsAllowed microservice is activated, it fails, complaining that the target entityID is not set. As there is only 1 IDP in the backend metadata, satosa should derive the...
Currently satosa is completely transparent to the end-user, which is a logical result of it being a protocol proxy. If all goes well, the user should not know she visited...
SATOSA invokes pysaml2 internally and converts the received attributes from their _name_ to their _friendly name_ and that is the name that is used by the `internal_attributes.yaml` file to map...
Working on multi-factor login, I have observed that Satosa is handling requests for _missing authentication context classes_ wrongly. If an SP asks for the authentication context class `https://refeds.org/mfa`, the user...
When SatoSa generates metadata for either front or backend saml plugins, the signature identifier is generated as While the value is strictly speaking not incorrect (a unique string is required),...
Hi, I've come across a setup/configuration where we have internal_response attributes whose value is an empty list. Something like:
```
{'edupersonorcid': [], 'eppn': ['[email protected]'], 'surname': ['Kakavas']}
```
The attributes...