A feature exists in EB where it can sub-scope the available IdPs for an SP if this SP passes it as a RequesterID in the authentication request and we know this remote SP: the allowed IdPs of this remote SP are then used to filter the allowed IdPs for the authenticating SP. The feature actually loops over all supplied RequesterIDs, not just the last one.
This is a subset of the later-introduced trusted proxy feature. A trusted proxy can do this plus more powers (ARP, PDP etc.) on behalf of the other SP.
The question is whether this is a useful feature to keep (as is), or if trusted proxy has superseded it and it's obsolete. The code is not very problematic (unchanged for 10 years, has tests) but on the other hand it is run on every authentication, so if it's not needed it should probably be cleaned up.
You are using this feature if you add SPs to Manage that are not directly connected but are behind other (connected) SPs. Or more concretely, if you run EB >= 6.9.1 and you log info level messages and you have the following messages in your log:
SP passes RequesterID '$requesterId', using it to sub-scope the available IdPs
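An added example (not part of the issue or of EB's code) for the log check described above: it counts the quoted info-level message per RequesterID, showing which SPs behind a connected SP trigger sub-scoping. The log line prefix, the entity IDs and the function names are assumptions; only the message text comes from the issue.

```python
import re
import sys
from collections import Counter

# Message text as quoted in the issue; $requesterId is filled in at runtime.
SUBSCOPE_RE = re.compile(
    r"SP passes RequesterID '(?P<requester>[^']*)', "
    r"using it to sub-scope the available IdPs"
)

# Constructed sample lines: the prefix layout and entity IDs are assumptions,
# only the message text comes from the issue.
SAMPLE_LOG = """\
2024-01-01T10:00:00 INFO SP passes RequesterID 'https://sp-a.example.org/metadata', using it to sub-scope the available IdPs
2024-01-01T10:00:05 INFO unrelated info-level message
2024-01-01T10:01:12 INFO SP passes RequesterID 'https://sp-b.example.org/metadata', using it to sub-scope the available IdPs
2024-01-01T10:02:40 INFO SP passes RequesterID 'https://sp-a.example.org/metadata', using it to sub-scope the available IdPs
""".splitlines()


def subscoping_usage(lines):
    """Count sub-scoping messages per RequesterID in an iterable of log lines."""
    hits = Counter()
    for line in lines:
        match = SUBSCOPE_RE.search(line)
        if match:
            hits[match.group("requester")] += 1
    return hits


def summarize(hits):
    """Return report lines, most frequently seen RequesterID first."""
    if not hits:
        return ["no sub-scoping messages found"]
    return [f"{count:6d}  {requester}" for requester, count in hits.most_common()]


if __name__ == "__main__":
    # With a path argument, scan that log file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            usage = subscoping_usage(handle)
    else:
        usage = subscoping_usage(SAMPLE_LOG)
    print("\n".join(summarize(usage)))
```

An empty result is only meaningful under the conditions the issue names: EB >= 6.9.1 with info level messages being logged.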