As the Gateway I should be able to act as a Transparent Proxy so that SPs can use the Gateway as transparent proxy

[phavekes]

This issue is imported from pivotal - Originaly created at Sep 24, 2014 by Daan van Renterghem

[phavekes]

SURFconext does understand scoping now. Option is to handle this using real scoping, this would require the GW to be transparant for scoping. (Pieter van der Meulen - Mar 10, 2015)

[phavekes]

The current scoping implementation in the gateway is that it sets the SP as scope in the AuthnRequest that is sent to SURFconext, is this what you mean with transparent scoping?

See https://github.com/SURFnet/Stepup-Gateway/blob/73e57b369613a1625c0337aca6174c796bad16b6/src/Surfnet/StepupGateway/GatewayBundle/Controller/GatewayController.php#L84 (Daan van Renterghem - Mar 11, 2015)

[phavekes]

I ment the other kind of scoping, scoping using IDPList. We will need to verify the OpenConext scoping behaviour when both IDPList and RequesterID are used by a SP that is configured as trusted proxy. in OpenConext. (Pieter van der Meulen - Mar 11, 2015)

[phavekes]

This seems obsolelte now that EB can perform the stepup function for SPs that require transparent proxying. (Thijs Kinkhorst - Sep 15, 2021)