Thanks for the feedback, let me experiment with this and get back to you. Colm.
On Thu, Aug 17, 2017 at 2:15 PM, Francesco Chicchiriccò <[email protected]> wrote:

> On 15/08/2017 18:38, Colm O hEigeartaigh wrote:
>
>> Currently, Syncope only supports RP-initiated SAML SSO. It would be nice to
>> support IdP initiated SAML SSO as well.
>>
>> I have got this working in an interop test with Okta, by commenting out the
>> RelayState processing, and removing passing
>> relayState.getJwtClaims().getSubject() through to the validation process.
>>
>> Any thoughts on how best to handle this scenario? Add a configuration
>> switch to allow the IdP initiated flow for a given IdP?
>
> Hi Colm,
> the relay state processing and validation could be optionally disabled
> according to some switch passed to the Agent by the IdP itself (as a
> request param, for example) and then added by the Agent into the REST call
> which ends up in SAML2SPLogic.
>
> Having a further setting for IdP conf to explicitly authorize
> IdP-initiated scenarios makes sense too, to me.
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
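As an added illustration (not Syncope code, and not part of the thread), the following Python sketch models the decision Francesco describes: the Agent forwards a request-param switch, and the per-IdP configuration must also authorize IdP-initiated SSO before RelayState validation is skipped. The class names, the `allow_idp_initiated` setting and the pending-request store are hypothetical; it also adds the check that only a genuinely unsolicited Response (no InResponseTo) may take the relaxed path.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed stand-ins for Syncope's IdP configuration and the inbound SAML
# Response; hypothetical names, not Syncope's own classes.
@dataclass
class IdPConfig:
    entity_id: str
    allow_idp_initiated: bool = False   # the proposed per-IdP authorization switch

@dataclass
class SamlResponse:
    issuer: str
    in_response_to: Optional[str]       # None for an unsolicited (IdP-initiated) Response
    relay_state: Optional[str]

def classify_response(idp: IdPConfig, resp: SamlResponse,
                      idp_initiated_param: bool,
                      pending: Dict[str, str]) -> str:
    """Decide which flow a Response belongs to and enforce that flow's checks.

    idp_initiated_param models the request parameter the Agent would forward to
    SAML2SPLogic. On its own it is never sufficient: the IdP must also be
    authorized for IdP-initiated SSO, and the Response must really be unsolicited.
    pending maps outstanding AuthnRequest IDs to the RelayState issued with them.
    """
    if resp.issuer != idp.entity_id:
        raise ValueError("Response issuer does not match the configured IdP")
    if resp.in_response_to is not None:
        # Solicited Response: RelayState checks stay mandatory whatever the switch says.
        expected = pending.pop(resp.in_response_to, None)   # pop: one-time use, no replay
        if expected is None:
            raise ValueError("InResponseTo does not match an outstanding AuthnRequest")
        if resp.relay_state != expected:
            raise ValueError("RelayState does not match the AuthnRequest")
        return "sp-initiated"
    # Unsolicited Response: accepted only when the Agent flagged the flow AND the
    # IdP configuration explicitly authorizes IdP-initiated SSO.
    if not idp_initiated_param:
        raise ValueError("unsolicited Response in an SP-initiated exchange")
    if not idp.allow_idp_initiated:
        raise ValueError("IdP not authorized for IdP-initiated SSO")
    return "idp-initiated"
```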
