SAML IdP - centralize assertion logic when IdP offers multiple authentication methods and/or service providers
This document describes how to centralize the assertion logic (the pipes) when multiple authentication methods and/or service providers are connected to the IdP.
The reader of this document should have some basic knowledge about PhenixID Server.
We will make changes to phenix-store.json, so make sure to have a recent copy/backup of this file.
System requirements
- PhenixID Authentication Services v 2.7 or higher installed.
- PhenixID Authentication Services set up as a SAML IdP with at least two authentication methods or one authentication method plus SSO.
Overview
Every authentication method, and SSO, has its own pipe connected to it, so by default the assertion-creation logic must be duplicated in each pipe. The solution below describes how to put this logic in one place and have the other pipes call out to it.
Configuration
The following document shows an example of how to set it up:
https://support.phenixid.se/sbs/step-by-step-advanced-skolfederation-configuration/
Test
Test by using the different authentication methods and view the resulting SAML response to make sure the same settings and attributes apply.
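One way to automate this comparison, as an added example that is not PhenixID code: decode the base64 SAMLResponse captured from each authentication method, then compare issuer, NameID format, audience and attributes. The sample responses and all names in the script are constructed for illustration, and AuthnContextClassRef is left out of the comparison on the assumption that it legitimately varies per method.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

def summarize(b64_response):
    """Extract the assertion fields that should not depend on the login method."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("a:Assertion", NS)
    if assertion is None:  # e.g. EncryptedAssertion: decrypt before comparing
        raise ValueError("no plaintext Assertion in response")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    attrs = {}
    for attr in assertion.findall("a:AttributeStatement/a:Attribute", NS):
        attrs[attr.get("Name")] = sorted(
            v.text or "" for v in attr.findall("a:AttributeValue", NS))
    return {
        "issuer": assertion.findtext("a:Issuer", namespaces=NS),
        "nameid_format": None if name_id is None else name_id.get("Format"),
        "audiences": sorted(e.text for e in assertion.findall(".//a:Audience", NS)),
        "attributes": attrs,
    }

def diff(a, b):
    """List the fields and attribute names on which two summaries disagree."""
    out = [k for k in ("issuer", "nameid_format", "audiences") if a[k] != b[k]]
    names = set(a["attributes"]) | set(b["attributes"])
    return out + sorted("attribute:" + n for n in names
                        if a["attributes"].get(n) != b["attributes"].get(n))

def sample_response(authn_ctx, attrs):
    """Constructed, unsigned sample response (not captured from a real IdP)."""
    rows = "".join('<a:Attribute Name="%s"><a:AttributeValue>%s</a:AttributeValue>'
                   '</a:Attribute>' % kv for kv in attrs.items())
    xml = ('<p:Response xmlns:p="%s" xmlns:a="%s"><a:Assertion>'
           '<a:Issuer>https://idp.example.org</a:Issuer><a:Subject><a:NameID '
           'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">u1'
           '</a:NameID></a:Subject><a:Conditions><a:AudienceRestriction>'
           '<a:Audience>https://sp.example.org</a:Audience></a:AudienceRestriction>'
           '</a:Conditions><a:AuthnStatement><a:AuthnContext><a:AuthnContextClassRef>'
           '%s</a:AuthnContextClassRef></a:AuthnContext></a:AuthnStatement>'
           '<a:AttributeStatement>%s</a:AttributeStatement></a:Assertion>'
           '</p:Response>' % (NS["p"], NS["a"], authn_ctx, rows))
    return base64.b64encode(xml.encode())

if __name__ == "__main__":
    pwd = sample_response(AC + "PasswordProtectedTransport",
                          {"mail": "u1@example.org", "eduPersonPrincipalName": "u1@example.org"})
    otp = sample_response(AC + "MobileTwoFactorContract", {"mail": "u1@example.org"})
    print(diff(summarize(pwd), summarize(otp)))
```

An empty list means both methods produced equivalent assertions; any entry names a setting or attribute that still differs between the pipes.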