-
Notifications
You must be signed in to change notification settings - Fork 143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Selecting IdP from SPConfig #273
Comments
consider that you can have multiple idp in a metadata store (let's assume we have a MDQ) and just enable one of these in your SP. that's something that belong to pysaml2, three years at this part that I don't use this feature so I would appreciate your patches if needed and coupled with some tests as well tell more about your use case if there's something that we could share for a better implementation thank you @pauldekkers |
Hi @pauldekkers take a look here, If I'm not wrong that's what you're looking for: djangosaml2/djangosaml2/tests/__init__.py Line 232 in 57ad2ba
|
Hi,
I was looking at the
SAML_CONFIG_LOADER
callable to select an IdP (or possible even set scoping attributes later ;-)) based on other logic. (Since the callable is used in a new authentication request for every user, one could use the hostname or part of the path for instance, or something from a session.)In the djangosaml2 documentation I read:
for the idp section in the SPConfig
{ "service": { "sp": { "idp": [] } } }
, but looking at the code, I wonder if any of this idp information is used at all? Becausedjangosaml2.utils.available_idps()
only considers metadata from the SPConfig.Maybe it could be another way to get a selected_idp (and of course I'm also looking at Scoping), or am I misinterpreting this?
In the pysaml2 documentation I found this section:
Which also implies to me that there is no point in considering other IdPs from the metadata. Also, the example there is different from the example in djangosaml2. (Looks like it's taken from idp definition instead of preselection?)
The text was updated successfully, but these errors were encountered: