Open tvdijen opened 5 years ago
I understand the issue. Given the development capacitity we have left I'm doubtful that we will prioritize this for our development efforts, though. Obviously a PR would be welcome. I can imagine workarounds to be possible also.
I think my workaround was to just add a skeleton IDP with the right entityID and exclude it from push.. I'm willing to provide a PR, if someone could confirm to me that it is in fact only looking up a pretty name...
As far as I could read from the code, on authentication PDP will do a lookup in Manage to find the pretty name that goes with the authenticating authority's entityID. In my case, I use an admin-IDP that is not connected to the EB-instance and therefore is not known to Manage. This will lead to an 'Access denied' message in the logs and a 'PDP currently unavailable' message in the GUI, even though the Shibboleth-authentication succeeded.
If this is indeed only used for pretty printing (I'm not 100% sure) the IDP's name, could this be fixed by falling back on the entityID as a name instead of failing miserably?