sp('entityId') and idp('entityId') #549

Open
EagleTux opened this issue Jan 10, 2023 · 1 comment

@EagleTux

During configuration with AzureAD I have made a discovery and it is confusing me.
AzureAD tells me that the appid with the sp('entityId') value is not on my tenant, which was true.
The misleading part is that the idp('entityId') was not sent, but the entityId from the sp table was.

After a moment I thought that was the natural way, but all apps I had configured by now were authenticated with my IdP SAML by the IdP entityID with all other frameworks.

If the Application URI is configured using the AzureAD SAML Toolkit (which is not possible as is without this app), mostly because an app URI outside the domain must be validated as a trusted one, so I do not want to, and the appid is read-only.

To clarify the situation I need to understand the meaning of idp('entityid'), which is currently useless in my case, and of sp('entityId'), which has to be put as the IdP identifier of the app, or whether it is a bug.

@pitbulk
Contributor

pitbulk commented Jan 13, 2023

An Entity ID is a value that identifies entities in a SAML federation.
We have Identity Providers (IdPs) and Service Providers (SPs) and each should be identified by a unique value.

When the circle of trust is created between identities:

  • SPs register IdP Entity IDs and their metadata (endpoints and public certs).
  • IdPs register SP Entity IDs and their metadata (endpoints and public certs).

In some environments you connect 1 IdP - 1 SP, but in other scenarios you may need to connect 1 IdP - N SPs, or
N IdPs - 1 SP, or N IdPs - N SPs.

When there are many, the Entity ID needs to be unique, otherwise, you can't identify who sent the SAML Message.

That said, I don't quite understand the issue you are experiencing.

This toolkit implements a Service Provider, so you must connect it with 1 or multiple IdPs, but it can never connect with another SP directly.
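As an added illustration of the explanation above (not code from this issue or from the toolkit), the following shows which Entity ID travels in which SAML message from the SP's side: the SP puts its own `sp.entityId` in the `<saml:Issuer>` of its AuthnRequest, and expects the IdP's `idp.entityId` as the `<saml:Issuer>` of the Response and its own `sp.entityId` as the assertion's `<saml:Audience>`. The settings dictionary, URLs and the sample Response are constructed for this example; signature validation is deliberately out of scope.

```python
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 protocol and assertion elements
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Hypothetical settings, mirroring the sp/idp tables discussed in the issue
SETTINGS = {
    "sp": {"entityId": "https://sp.example.org/metadata"},
    "idp": {"entityId": "https://idp.example.com/saml2"},
}

def build_authn_request_issuer(settings):
    """The SP announces itself with its *own* entityId in <saml:Issuer>."""
    return settings["sp"]["entityId"]

def check_response_entity_ids(response_xml, settings):
    """Check who issued the Response and whom the assertion is addressed to.

    Returns (ok, reason). The Issuer must equal the configured IdP entityId
    and the Audience must equal our SP entityId; anything else is rejected.
    """
    root = ET.fromstring(response_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != settings["idp"]["entityId"]:
        return False, f"unexpected Issuer {issuer!r}"
    audience = root.findtext(".//saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if audience != settings["sp"]["entityId"]:
        return False, f"assertion not addressed to us: {audience!r}"
    return True, "issuer and audience match configuration"

# Constructed sample Response (unsigned, for illustration only)
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.com/saml2</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.com/saml2</saml:Issuer>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.org/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print("AuthnRequest Issuer:", build_authn_request_issuer(SETTINGS))
    print("Response check:", check_response_entity_ids(SAMPLE_RESPONSE, SETTINGS))
```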
