By Damien Carru on Apr 18, 2014
When OIF acts as a Service Provider, it:
- Validates the incoming SSO response from the IdP
- Maps the SSO response to an LDAP user record
- Extracts the user identifier and optional attributes contained in the SSO response and stores them in the OAM session.
Those attributes stored in the OAM session can later be used:
- In Authorization Policies, where the conditions/rules will evaluate the attributes in the OAM session
- As Policy Responses to provide those attributes to web applications protected by WebGate/OAM, as HTTP Headers or cookies
In this article, I will discuss how OIF acting as a Service Provider can be configured to:
- Process attributes contained in an incoming SAML Assertion or OpenID SSO Response to map the names of incoming attributes to local names.
- Request attributes from the OP via the OpenID protocol (SAML does not provide a way for SPs at runtime to request attributes from the IdP during a Federation SSO operation)
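The attribute-processing step described above (extract the user identifier and attributes from the incoming assertion, map the IdP's attribute names to local names, and keep the result for later policy evaluation or header injection), shown as an added illustrative example. This is not OIF code: the assertion is a constructed sample, and the mapping table, the `extract_session_attributes`/`policy_response_headers` functions and the header names are hypothetical. Signature and condition validation of the SSO response is assumed to have happened before this step, since attributes from an unvalidated assertion must not reach the session.

```python
"""Illustrative attribute mapping for a federation Service Provider (added
example, not OIF's implementation)."""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; not captured from any real IdP.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" Version="2.0">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.4"><saml:AttributeValue>Smith</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>staff</saml:AttributeValue>
      <saml:AttributeValue>finance</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="isAdmin"><saml:AttributeValue>true</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical mapping table: IdP attribute name -> local session name.
# Names absent from the table are dropped rather than passed through, so the
# IdP cannot populate session attributes the SP never agreed to accept
# (the constructed "isAdmin" attribute above is discarded for that reason).
ATTRIBUTE_MAP = {
    "urn:oid:2.5.4.42": "firstname",
    "urn:oid:2.5.4.4": "lastname",
    "memberOf": "groups",
}

# Hypothetical policy-response mapping: local name -> HTTP header name.
HEADER_MAP = {"firstname": "X-User-Firstname", "groups": "X-User-Groups"}


def extract_session_attributes(assertion_xml, attribute_map):
    """Return (user_id, {local_name: [values]}) from a SAML assertion.

    Only already-validated assertions should reach this point; for untrusted
    XML in production, parse with a hardened parser such as defusedxml."""
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion has no Subject/NameID")
    user_id = name_id.text.strip()

    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        local = attribute_map.get(attr.get("Name"))
        if local is None:
            continue  # unmapped attribute: ignored, never stored
        values = [v.text.strip()
                  for v in attr.findall("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        attrs.setdefault(local, []).extend(values)
    return user_id, attrs


def policy_response_headers(attrs, header_map):
    """Build the headers a policy response could inject for the application.

    Multi-valued attributes are joined with a comma; only attributes listed
    in header_map are exposed."""
    headers = {}
    for local, header in header_map.items():
        if local in attrs and attrs[local]:
            headers[header] = ",".join(attrs[local])
    return headers


if __name__ == "__main__":
    uid, session_attrs = extract_session_attributes(SAMPLE_ASSERTION, ATTRIBUTE_MAP)
    print(uid, session_attrs)
    print(policy_response_headers(session_attrs, HEADER_MAP))
```

The allow-list behaviour of the mapping table is the security-relevant part: an SP that copies every incoming attribute into the session lets the IdP's naming choices (or a compromised IdP) decide what the authorization policies see.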
Enjoy the read!