Trust and Internet Identity Meeting Europe
Feb 2020: Workshops and Unconference

SATOSA

(Matthew Economou)

Chris: We have 2 proxy use cases, therefore looking into SATOSA: (1) enabling SAML SPs to talk to more than 1 IdP, and (2) switching over to a disaster recovery/fail-over IdP.

Matthew E. presenting the federation gateway schema (see picture):

  • Incoming SAML assertions are processed by various microservices that massage the attribute statement (for example selecting the right uid, or augmenting attributes from LDAP) before the proxy issues a new assertion to the requesting SP.
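
The attribute-massaging chain described above, as an added example (not shown in the session and not SATOSA's own code or API). It models attributes as name-to-list-of-values and refuses to issue anything when the identifier is missing or ambiguous. The function names, the candidate identifier attributes, the lower-casing and the in-memory stand-in for LDAP are all assumptions.

```python
"""Simplified model of a proxy's attribute-massaging chain (not SATOSA's API)."""

# Constructed stand-in for an LDAP directory, keyed by normalised uid.
DIRECTORY = {
    "jdoe@example.org": {"mail": ["jane.doe@example.org"], "isMemberOf": ["staff"]},
}
UID_SOURCES = ("uid", "eduPersonPrincipalName")  # assumed candidate attributes


class RejectAssertion(Exception):
    """The proxy must not issue a new assertion for this response."""


def select_uid(attrs):
    """Pick exactly one identifier value and publish it as 'uid'."""
    for name in UID_SOURCES:
        # Normalisation (trim + lower-case) is an assumption of this example.
        values = [v.strip().lower() for v in attrs.get(name, []) if v.strip()]
        if len(values) > 1:
            raise RejectAssertion(f"ambiguous identifier in {name}")
        if values:
            return {**attrs, "uid": values}
    raise RejectAssertion("no usable identifier")


def augment_from_directory(attrs):
    """Add directory attributes without overriding what the IdP asserted."""
    entry = DIRECTORY.get(attrs["uid"][0], {})
    return {**entry, **attrs}


def run_chain(idp_attrs, chain=(select_uid, augment_from_directory)):
    """Pass the incoming attribute statement through each step in order."""
    attrs = {k: list(v) for k, v in idp_attrs.items()}
    for step in chain:
        attrs = step(attrs)
    return attrs  # what the proxy would place in the new assertion


if __name__ == "__main__":
    # Constructed sample of an incoming attribute statement.
    incoming = {"eduPersonPrincipalName": [" JDoe@Example.org "],
                "mail": ["idp@example.org"]}
    print(run_chain(incoming))
```

Because each step either returns a complete attribute set or raises, a failure anywhere in the chain leaves the proxy with nothing to sign for the SP.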

Showing an installation on a CentOS 7 machine. Installation was done straight into the VM via pip.