handnot2 / samly

Elixir Plug library to enable SAML 2.0 SP SSO in Phoenix/Plug applications.
MIT License

use with federation #28

Open brianmay opened 5 years ago

brianmay commented 5 years ago

Hello,

Just curious if it was possible to use something like this with a federation, i.e. the AAF. However am finding it difficult to find information as required.

I don't care (or want) auto discovery, just something that will let me authenticate against specific IDPs that can be included easily in a Docker container. The only recommended solution is to use the Apache shib module, which is a lot of overhead for a docker container and gets confused easily with a Docker environment (been there done that).

As far as I can see however, the AAF requires end points and this plugin doesn't support them. So maybe that means this won't work as is?

In particular, it looks like "Assertion Consuming Service (Artifact)" is a required value, but samly only has an "Assertion Consuming Service (Post)".

There are a number of other end points; am hoping that they might be optional.

Regards
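The mismatch described above (a federation that expects an HTTP-Artifact assertion consumer endpoint, an SP that only publishes HTTP-POST) is something you can check mechanically from the SP's published metadata before registering it. The following is an added example written for this thread, not code from Samly or from the AAF: it parses a constructed SP metadata document, lists the AssertionConsumerService bindings it advertises, reports which of a caller-supplied set of required bindings are missing, and flags any endpoint that is not served over HTTPS. The sample metadata, entity IDs and URLs are all made up for the example; the set of bindings a real federation requires must come from that federation's own documentation.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BINDING_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: SP metadata that advertises a single HTTP-POST
# AssertionConsumerService, the shape a POST-only SP publishes.
SAMPLE_SP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/sso/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/sso/sp/logout/idp1"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/sso/sp/consume/idp1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def endpoints(metadata_xml, element):
    """Map Binding URI -> Location for every <md:ELEMENT> in the metadata."""
    root = ET.fromstring(metadata_xml)
    found = {}
    for node in root.iter(f"{{{MD_NS}}}{element}"):
        found[node.get("Binding")] = node.get("Location")
    return found


def acs_bindings(metadata_xml):
    """Bindings the SP accepts assertions on (Binding URI -> Location)."""
    return endpoints(metadata_xml, "AssertionConsumerService")


def missing_required_bindings(metadata_xml, required_bindings):
    """Required ACS bindings the SP does not advertise, sorted for stable output."""
    present = acs_bindings(metadata_xml)
    return sorted(b for b in required_bindings if b not in present)


def insecure_endpoints(metadata_xml):
    """Any ACS or SLO Location not served over HTTPS; assertions must not travel in clear."""
    bad = []
    for element in ("AssertionConsumerService", "SingleLogoutService"):
        for binding, location in endpoints(metadata_xml, element).items():
            if not (location or "").lower().startswith("https://"):
                bad.append((element, binding, location))
    return bad


def federation_report(metadata_xml, required_bindings):
    """Human-readable summary of what a federation registrar would see."""
    lines = [f"ACS bindings advertised: {sorted(acs_bindings(metadata_xml))}"]
    for binding in missing_required_bindings(metadata_xml, required_bindings):
        lines.append(f"MISSING required ACS binding: {binding}")
    for element, binding, location in insecure_endpoints(metadata_xml):
        lines.append(f"INSECURE {element} ({binding}): {location}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Hypothetical requirement set for the example; a real federation's list may differ.
    print(federation_report(SAMPLE_SP_METADATA, {BINDING_POST, BINDING_ARTIFACT}))
```

Run against the metadata your SP actually serves (for Samly that is the document it publishes at its metadata endpoint) and compare the advertised bindings with the federation's published requirements; a missing HTTP-Artifact ACS is the exact gap this thread is about, and it cannot be papered over by pointing the artifact endpoint at the POST endpoint, since the two bindings carry different message formats.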

brianmay commented 5 years ago

I am guessing these values should be correct, apart from the host name that is. Maybe I could use the same value for both "Assertion Consuming Service" entries?

image

handnot2 commented 5 years ago

Sorry. Artifact resolution is not supported in Samly.

handnot2 commented 5 years ago

I don't know if there is enough interest for this. If there is, it might be possible to support SP initiated POST/REDIRECT followed by Artifact resolution from SP to IDP. Please open an issue in the esaml repo. Samly relies on esaml for the core SAML interaction.
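To make the flow handnot2 sketches concrete (SP-initiated request, then artifact resolution from SP back to IdP), here is an added example that is not part of Samly or esaml. It models the SAML 2.0 artifact binding in miniature: the IdP hands the browser a short, single-use artifact instead of the assertion; the SP decodes the artifact to find which IdP minted it (the SourceID is the SHA-1 of the issuer's entityID, per the bindings spec) and then fetches the real assertion over a direct SP-to-IdP call. The artifact layout (type code 0x0004, endpoint index, 20-byte SourceID, 20-byte message handle) follows the specification; the in-memory `resolve` call stands in for the SOAP ArtifactResolve/ArtifactResponse exchange, and the assertion is a plain dict rather than signed XML. Entity IDs are constructed for the example.

```python
import base64
import hashlib
import secrets
import struct

TYPE_CODE = 0x0004          # SAML 2.0 artifact type code
ARTIFACT_LEN = 2 + 2 + 20 + 20


def source_id(entity_id):
    """SourceID = SHA-1 of the issuer's entityID (20 bytes)."""
    return hashlib.sha1(entity_id.encode("utf-8")).digest()


def make_artifact(issuer_entity_id, endpoint_index, message_handle):
    """Encode TypeCode | EndpointIndex | SourceID | MessageHandle as base64."""
    if len(message_handle) != 20:
        raise ValueError("message handle must be 20 bytes")
    raw = struct.pack(">HH", TYPE_CODE, endpoint_index)
    raw += source_id(issuer_entity_id) + message_handle
    return base64.b64encode(raw).decode("ascii")


def parse_artifact(artifact):
    """Decode an artifact; reject anything that is not a well-formed type-4 artifact."""
    raw = base64.b64decode(artifact, validate=True)
    if len(raw) != ARTIFACT_LEN:
        raise ValueError("bad artifact length")
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != TYPE_CODE:
        raise ValueError("unsupported artifact type")
    return endpoint_index, raw[4:24], raw[24:44]


class IdentityProvider:
    """Mints artifacts and answers resolution requests; each handle is usable once."""

    def __init__(self, entity_id):
        self.entity_id = entity_id
        self._pending = {}  # message handle -> assertion awaiting pickup

    def issue_artifact(self, assertion):
        handle = secrets.token_bytes(20)  # unguessable: the artifact is a bearer token
        self._pending[handle] = assertion
        return make_artifact(self.entity_id, 0, handle)

    def resolve(self, artifact):
        """ArtifactResolve handling: return the assertion once, then forget the handle."""
        _, sid, handle = parse_artifact(artifact)
        if sid != source_id(self.entity_id):
            return None
        return self._pending.pop(handle, None)  # second resolve of same artifact -> None


class ServiceProvider:
    """Receives SAMLart from the browser and resolves it with the matching IdP."""

    def __init__(self, trusted_idps):
        # In a real SP this map is built from federation metadata (SourceID -> IdP
        # entityID and its ArtifactResolutionService endpoints).
        self._by_source_id = {source_id(idp.entity_id): idp for idp in trusted_idps}

    def consume(self, artifact):
        endpoint_index, sid, _ = parse_artifact(artifact)
        idp = self._by_source_id.get(sid)
        if idp is None:
            raise ValueError("artifact from an IdP we do not trust")
        # endpoint_index would select the IdP's ArtifactResolutionService; the
        # direct call below stands in for the SOAP back-channel request.
        return idp.resolve(artifact)


if __name__ == "__main__":
    idp = IdentityProvider("https://idp.example.org/idp")
    sp = ServiceProvider([idp])
    art = idp.issue_artifact({"subject": "alice", "issuer": idp.entity_id})
    print("first resolve :", sp.consume(art))
    print("replayed      :", sp.consume(art))  # None: artifact already spent
```

The two properties worth noticing from the defender's side are that the browser never carries the assertion itself (only an opaque, single-use reference) and that the SP has to reach the IdP's resolution endpoint directly, which is what "support for Artifact resolution from SP to IDP" in the comment above means and why it is a separate piece of work from the POST and Redirect bindings.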

brianmay commented 5 years ago

Ok, thanks. Will look at filing a bug report against esaml - thanks for the link.

Are you able to give any good references to documentation on what Artifact resolution is? I am reading stuff that Google found but not really understanding any of it. Maybe I need to be more awake...

brianmay commented 5 years ago

https://github.com/handnot2/esaml/issues/10. Feel free to close this bug report.