OpenConext / OpenConext-myconext

A (guest) IdP for OpenConext
https://eduid.nl/

Pass/add requesting SP in ALA request #357

Closed phavekes closed 1 month ago

phavekes commented 1 month ago

This issue is imported from pivotal

For the identification-proxy to do accounting, the SP requesting the validated name should be known to the proxy. When eduID requests the user to validate his identity, this information should be added to the SAML request.

phavekes commented 1 month ago

Is the scoping/requestorID element the correct location for this info? (Peter Havekes - Aug 23, 2021)

phavekes commented 1 month ago

Using the scoping/RequesterID element for passing the SP requesting account-linking would alter the WAYF, so it can't be used for this: https://wiki.surfnet.nl/display/surfconextdev/Authentication+request%3A+bindings%2C+signing+and+options#:~:text=The%20IdPs%20available%20are%20restricted%20to%20the%20ones%20that%20have%20access%20to%20both%20SPs. (Peter Havekes - Sep 1, 2021)

phavekes commented 1 month ago

Use acr to pass the SP's entityid to the proxy, set acr to transparent in manage (Peter Havekes - Sep 16, 2021)
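
The acr approach from the comment above, as an added example (not part of the issue thread and not the project's code): the requesting SP's entityID travels in `RequestedAuthnContext/AuthnContextClassRef`, and the receiving proxy uses it for accounting only when it matches an SP it already knows. The entityIDs, function names and the allow-list check are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

# Constructed sample values, not taken from any real deployment.
ISSUER = "https://idp.example.org/guest"
KNOWN_SPS = {"https://sp-a.example.org/metadata", "https://sp-b.example.org/metadata"}


def build_authn_request(issuer, requesting_sp):
    """Build an AuthnRequest whose acr value is the requesting SP's entityID."""
    req = ET.Element(f"{{{NS['samlp']}}}AuthnRequest",
                     {"ID": "_constructed-id", "Version": "2.0",
                      "IssueInstant": "2021-09-16T00:00:00Z"})
    ET.SubElement(req, f"{{{NS['saml']}}}Issuer").text = issuer
    rac = ET.SubElement(req, f"{{{NS['samlp']}}}RequestedAuthnContext")
    ET.SubElement(rac, f"{{{NS['saml']}}}AuthnContextClassRef").text = requesting_sp
    return ET.tostring(req, encoding="unicode")


def requesting_sp_for_accounting(xml_text, known_sps):
    """Proxy side: return the SP entityID to account against, or None.

    Assumes the request signature was verified before this is called.
    The acr value is still request data, so it is accepted only when there
    is exactly one value and it matches an SP the proxy already knows.
    """
    root = ET.fromstring(xml_text)
    refs = root.findall("samlp:RequestedAuthnContext/saml:AuthnContextClassRef", NS)
    values = [(r.text or "").strip() for r in refs]
    if len(values) != 1 or values[0] not in known_sps:
        return None
    return values[0]


if __name__ == "__main__":
    request = build_authn_request(ISSUER, "https://sp-a.example.org/metadata")
    print(request)
    print(requesting_sp_for_accounting(request, KNOWN_SPS))
```
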

phavekes commented 1 month ago

The link account flow can be initiated at the Mijn eduID SP and the eduID IdP. In both scenarios we ask the user if he wants to connect with an institutional account or a guest account. (Okke Harsta - Sep 19, 2021)

phavekes commented 1 month ago

https://github.com/OpenConext/OpenConext-myconext/commit/fff0464e87255f5da5fd8d72160ed08ac11e594b https://github.com/OpenConext/OpenConext-deploy/commit/af01f86193545387a06fee15f10443d5feba0687 https://gitlab.surf.nl/surfconext/surfconext-deploy-environments/-/commit/abf6e1e1dae7f4d5e44ff07bbdf80368acd3abcb (Okke Harsta - Sep 19, 2021)