SAML Auth via SU IdP

Resources:
- [Overall description](https://uit.stanford.edu/service/saml)

Steps:
- Create workgroup for geomatch staff (already request geomatch stem)
- Will need to add GeoMatch to [SPDB](https://spdb.stanford.edu/)
- If AWS Cognito ALB SP supports [signing requests](https://uit.stanford.edu/service/SAML/skipendpointvalidation) then we don't have to add callback URLs (assertion consumer service). It doesn't mention how to provide public key to Stanford IdP. 
- Need to map eduPersonEntitlement ([see here](https://uit.stanford.edu/service/saml/arp)) and then authorize based on that
- Cognito might not be able to do authz because it doesn't support challenges for[ federated authn](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html#lambda-triggers-for-federated-users). But, we can instead just return an error in post-authn lambda. [Errors will cause authn to fail](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SAML Auth via SU IdP #16

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

SAML Auth via SU IdP #16

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions