PhenixID DocumentationPhenixID Authentication ServicesSolutionsFederationSAML IdP - centralize assertion logic when IdP offers multiple authentication methods and/or service providers

SAML IdP - centralize assertion logic when IdP offers multiple authentication methods and/or service providers

This document describes how to centralize the assertion logic (=pipes) when having multiple authentication methods and/or services providers connected to the IdP.

The reader of this document should have some basic knowledge about PhenixID Server.

We will make changes to phenix-store.json, so make sure to have a recent  copy/backup of this file.

System requirements

- PhenixID Authentication Services v 2.7 or higher installed.

- PhenixID Authentication Services set up as a SAML Idp with at least two authentication methods or one authentication method plus SSO.

Overview

As every authentication method, and SSO, has a pipe connected to it, you must duplicate the pipe logic regarding assertion creation. The solution below will describe how to put this logic into one place and have the other pipes calling out to it.

Configuration

This document will show you an example of how to set it up:

https://support.phenixid.se/sbs/step-by-step-advanced-skolfederation-configuration/

Test

Test by using the different authentication methods and view the resulting SAML response to make sure the same settings and attributes apply.