[mitreid-connect] Trust between 2 IDPs (IDP federation).

Yannick Béot yannick.beot at gmail.com
Wed Oct 5 11:16:13 EDT 2016


Hi,

The RP should be able to do that actually.
The access token is a JWT (as other products do). Therefore, based on the
"iss" claim, the RP should be able to know which IDP to call.

If you want one instance to do it, you would need to overwrite the class
org.mitre.oauth2.web.IntrospectionEndpoint, which is responsible for the
token validation, and implement the logic you describe. In any case, it is
not possible out-of-the-box.



Y.
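The routing Yannick describes, where the RP reads the "iss" claim of a JWT access token to decide which IDP to talk to, as an added example that is not part of the original post and not MITREid Connect code. It assumes a constructed allow-list of two trusted issuers, each with an introspection endpoint and a key; for simplicity the tokens are HS256-signed with a shared secret rather than RS256 with the IDP's JWK set, which is what a real deployment would use. The issuer claim is read before any signature check, so it is used only to pick an entry from the RP's own configuration, never to fetch anything from an arbitrary URL, and the token is then verified under that issuer's key before the endpoint is returned.

```python
import base64
import hashlib
import hmac
import json

# Constructed trust configuration: the RP's allow-list of issuers it federates with.
# Endpoints and keys are placeholders for the example.
TRUSTED_ISSUERS = {
    "https://primary-idp.example/": {
        "introspection_endpoint": "https://primary-idp.example/introspect",
        "hmac_key": b"primary-demo-key",
    },
    "https://secondary-idp.example/": {
        "introspection_endpoint": "https://secondary-idp.example/introspect",
        "hmac_key": b"secondary-demo-key",
    },
}


def b64url_decode(s: str) -> bytes:
    """Decode base64url without padding, as used in compact JWS."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_token(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT (stand-in for the IDP issuing a JWT access token)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def peek_issuer(token: str) -> str:
    """Read the unverified 'iss' claim. This only selects configuration; it proves nothing yet."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    claims = json.loads(b64url_decode(parts[1]))
    iss = claims.get("iss")
    if not isinstance(iss, str) or not iss:
        raise ValueError("token has no usable 'iss' claim")
    return iss


def route_token(token: str) -> str:
    """Return the introspection endpoint of the IDP that issued the token.

    Steps: look up the issuer in the allow-list, refuse unknown issuers, then
    verify the signature under that issuer's key so a token that merely claims
    a trusted issuer is rejected before the RP talks to anyone.
    """
    iss = peek_issuer(token)
    idp = TRUSTED_ISSUERS.get(iss)
    if idp is None:
        raise ValueError(f"untrusted issuer: {iss}")

    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        # Pin the algorithm to what the configured key is for (no 'none', no alg swap).
        raise ValueError(f"unexpected alg: {header.get('alg')}")
    expected = hmac.new(idp["hmac_key"], f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature does not verify under the selected issuer's key")
    return idp["introspection_endpoint"]


if __name__ == "__main__":
    key = TRUSTED_ISSUERS["https://secondary-idp.example/"]["hmac_key"]
    tok = make_token({"iss": "https://secondary-idp.example/", "sub": "alice"}, key)
    print(route_token(tok))
```

In a real RP the per-issuer entry would hold the IDP's JWK set (or its discovery document URL) and the verification step would be an RS256 check against that set; the structure stays the same: the allow-list is keyed by issuer, and nothing about the token is trusted until it verifies under the key that issuer's entry names.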

On Wed, Oct 5, 2016 at 4:23 PM, Michael Furman <michael_furman at hotmail.com>
wrote:

> Hi all,
>
> Is it possible to configure trust between 2 IDPs?
>
> Is the IDP federation supported by specs?
>
> I do not mean IDP clustering (or high availability).
>
> I want to be able to configure the primary IDP and the secondary IDP.
>
> Each IDP can have its own user repository.
>
> RP always works with the primary IDP.
>
> If a user's authentication fails against the primary IDP, the primary
> IDP negotiates with the secondary IDP.
>
> Is it possible?
>
> Thank you in advance for your help.
>
> Best regards,
>
>    Michael
>
>
> _______________________________________________
> mitreid-connect mailing list
> mitreid-connect at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mitreid-connect
>
>