
Overview

This page lists several of the known OpenID to SAML gateway implementations, and provides information about how they operate.

IDCorral Shibboleth IdP Proxy

Background

The IDCorral Shibboleth IdP Proxy is a proof-of-concept for proxying OpenID login for Shibboleth-enabled applications. Since it is only a proof-of-concept, it was implemented with JanRain Engage as the mechanism by which a user selects his/her ID provider. JanRain Engage also aggregates OpenID/OAuth/Facebook Connect into a unified API so that the implementing service – in this case the Shibboleth IdP proxy – has a consistent set of attributes to work with.

The original writeup on this concept can be found here: http://lucasrockwell.com/other/idpproxy.html

Attributes Available from Identity Providers

What attributes does the external IDP offer?

The attributes that JanRain Engage offers for each provider are listed here: https://rpxnow.com/docs/providers

What attributes do you ask for?

All of the attributes listed under "Basic Profile" are returned regardless.

Which attributes require user consent?

All of them.

| Input attribute | SAML attribute |
|---|---|
| Given Name | givenName |
| Family Name | sn |
| Display Name | displayName |
| Verified Email | mail |
| Preferred Username | eduPersonPrincipalName* |

*At this time, the eduPersonPrincipalName is set by the user the first time he/she logs in, and the Preferred Username is used as a guide for setting this information. The Preferred Username cannot be taken at face value because it is not guaranteed to be unique.
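The attribute mapping and the uniqueness caveat above, sketched as an added example (not code from the IDCorral proxy). The profile field names, the `EppnRegistry` class, the `to_saml_attributes` function and the `proxy.example.org` scope are assumptions made for illustration.

```python
# Constructed sample profiles; field names are assumed, not taken from the page.
ALICE = {"identifier": "https://idp-a.example/alice", "preferredUsername": "alice",
         "displayName": "Alice A.", "verifiedEmail": "alice@example.com",
         "name": {"givenName": "Alice", "familyName": "Adams"}}
OTHER = {"identifier": "https://idp-b.example/u/991", "preferredUsername": "alice",
         "email": "alice@example.net"}  # same preferred username, different person


class EppnRegistry:
    """Binds each external identifier to one user-chosen, unique ePPN."""

    def __init__(self, scope):
        self.scope = scope
        self.by_identifier = {}  # external identifier -> ePPN
        self.taken = set()       # ePPN values already bound

    def bind(self, identifier, chosen_local_part):
        if identifier in self.by_identifier:
            return self.by_identifier[identifier]  # set once, at first login
        local = chosen_local_part.strip().lower()
        if not local:
            raise ValueError("empty eduPersonPrincipalName")
        eppn = f"{local}@{self.scope}"
        if eppn in self.taken:
            raise ValueError(f"{eppn} is already bound to another identity")
        self.by_identifier[identifier] = eppn
        self.taken.add(eppn)
        return eppn


def to_saml_attributes(profile, registry):
    """Map an aggregated profile to the SAML attributes listed above."""
    eppn = registry.by_identifier.get(profile["identifier"])
    if eppn is None:
        raise LookupError("first login: user must choose an eduPersonPrincipalName")
    name = profile.get("name", {})
    candidates = {
        "givenName": name.get("givenName"),
        "sn": name.get("familyName"),
        "displayName": profile.get("displayName"),
        "mail": profile.get("verifiedEmail"),  # an unverified "email" is not mapped
        "eduPersonPrincipalName": eppn,
    }
    return {k: v for k, v in candidates.items() if v}
```

Keying the binding on the provider-issued identifier rather than on the Preferred Username means a second account that presents the same preferred username cannot inherit the first account's eduPersonPrincipalName.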

Name of Identity Provider

What attributes does the external IDP offer?

 

What attributes do you ask for?

 

Which attributes require user consent?

 

(name of input attribute)

Repeat this row for each input attribute. This column should contain the name, value, syntax, and semantics of the SAML attribute that you assert using this input value.