OpenAM SAML2 Transient Federation and Persistent Federation

This topic has 6 replies, 2 voices, and was last updated 8 months, 3 weeks ago by BassemMahmoud.

  • #27095
     BassemMahmoud
    Participant

    Is it applicable to configure an OpenAM service provider to support both SAML2 transient federation and persistent federation at the same time from different IDPs, and how can we configure this?

    (Note: right now we do not store user identity in the SP.)

    Also, is it applicable to map different SAML assertion attributes in SAML responses coming from different IDPs to the same attribute in the OpenAM service provider if we implement both SAML2 transient and persistent federation?

    Example:
    if IDP1 sends the user email as “UserEmail”
    and IDP2 sends the user email as “email”

    how can we map this in our service provider?

    #27096
     BassemMahmoud
    Participant

    @rajeshr @peter-major

    Any advice, please?

    #27098
     Scott Heger
    Participant

    I would recommend creating two different Hosted SP entities and pair each with their specific IDP in their own circle of trust. This way you can define how each pair interacts with each other and clearly identify how to handle the responses from each IDP.
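
    The per-IdP attribute mapping discussed above, as an added example that is not part of the original posts and is not OpenAM code: each issuer gets its own map, so "UserEmail" from IDP1 and "email" from IDP2 land on one local attribute and nothing else is accepted. The entity IDs, the local attribute name `mail`, and the helper names are assumptions; the assertions are constructed and unsigned.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical per-IdP maps keyed by issuer entity ID (constructed values):
# assertion attribute name -> local attribute name.
ATTRIBUTE_MAPS = {
    "https://idp1.example.com": {"UserEmail": "mail"},
    "https://idp2.example.com": {"email": "mail"},
}


def sample_assertion(issuer, name, value):
    """Build a constructed, unsigned assertion carrying one attribute."""
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        "<saml:AttributeStatement>"
        f'<saml:Attribute Name="{name}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement></saml:Assertion>"
    )


def map_attributes(assertion_xml):
    """Map assertion attributes to local names using the issuer's own map.

    Assumes signature and conditions were validated earlier; real code
    should also parse untrusted XML with a hardened parser.
    """
    root = ET.fromstring(assertion_xml)
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer not in ATTRIBUTE_MAPS:
        # An IdP outside every configured pairing is rejected outright.
        raise ValueError(f"untrusted issuer: {issuer!r}")
    mapping = ATTRIBUTE_MAPS[issuer]
    local = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        target = mapping.get(attr.get("Name"))
        if target is None:
            continue  # Not mapped for this IdP: drop it, never pass through.
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        local.setdefault(target, []).extend(values)
    return local


if __name__ == "__main__":
    print(map_attributes(sample_assertion("https://idp1.example.com", "UserEmail", "a@example.com")))
    print(map_attributes(sample_assertion("https://idp2.example.com", "email", "b@example.com")))
```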

    #27100
     BassemMahmoud
    Participant

    It is not applicable to register the same URL (server) as two different service providers.
    @shegergmail-com

    #27102
     Scott Heger
    Participant

    Yes, you can.

    #27103
     BassemMahmoud
    Participant

    @shegergmail-com
    How can we do that?

    #27139
     BassemMahmoud
    Participant

    @shegergmail-com
    How can we do that?


©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
