Profile Handling and Relying Party Configuration Management
Relying Party Configuration Management
When a relying party makes a request of the identity provider, the IdP may wish to use a configuration tailored to the requester when responding. Such configurations are known as relying party configurations.
Relying Party Configuration
A relying party configuration (RPC) is a set of configuration options that apply to a given relying party. Every RPC contains, at least:
- an identifier that is unique within the IdP and is used mostly for logging purposes
- criteria that determine whether the RPC applies to a given request
- a set of profile configurations
The profile configurations indicate whether a particular communication profile is enabled for use with the relying party, along with any special configuration options for that profile. Example communication profiles include SAML 1 attribute queries, SAML 2 SSO requests, and ADFS v1 authentication requests.
Relying Party Configuration Resolver
The IdP component responsible for keeping track of the registered RPCs and selecting the appropriate one for a given request is the Relying Party Configuration Resolver.
The RPC for a request is selected by iterating through the ordered list of registered RPCs and evaluating the current profile request context against each RPC's criteria. The first RPC whose criteria return an affirmative result is the one used for the request. Because selection is first-match, the order in which RPCs are registered matters: a broadly matching RPC placed early in the list will shadow any more specific RPC placed after it.
In addition, the resolver holds a special RPC that is used when the IdP deems a requester to be "anonymous". This usually occurs when the request does not identify the requester or the requester's identity cannot be verified.
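The following is an added example, not code from the Shibboleth IdP, showing the RPC structure described above (identifier, criteria, profile configurations) and a resolver implementing the first-match selection with the anonymous fallback. All class names, the sample entity IDs and the federation membership set are constructed for illustration. One behaviour is an assumption rather than something this page states: a verified requester that matches no registered RPC gets no configuration at all (None), which a caller should treat as a refusal. The two resolver builders at the end show the same RPCs in a safe order and in an order where the broad federation RPC shadows the per-SP one.

```python
"""Added example (not Shibboleth IdP code): a minimal relying party
configuration (RPC) resolver with first-match selection and the
"anonymous" fallback. All names and sample data are hypothetical."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class ProfileRequestContext:
    """What the resolver gets to look at for one incoming request."""
    relying_party_id: Optional[str]  # None when the request names no requester
    requester_verified: bool         # False when the claimed id could not be verified
    profile_id: str                  # communication profile being invoked


@dataclass
class ProfileConfiguration:
    enabled: bool = True
    options: Dict[str, object] = field(default_factory=dict)


@dataclass
class RelyingPartyConfiguration:
    id: str                                            # unique within the IdP; used in logs
    criteria: Callable[[ProfileRequestContext], bool]  # does this RPC apply to the request?
    profiles: Dict[str, ProfileConfiguration]          # profile id -> its configuration

    def profile_enabled(self, profile_id: str) -> bool:
        # A profile that is not configured at all is treated as disabled (fail closed).
        cfg = self.profiles.get(profile_id)
        return cfg is not None and cfg.enabled


class RelyingPartyConfigurationResolver:
    def __init__(self, ordered: List[RelyingPartyConfiguration],
                 anonymous: RelyingPartyConfiguration) -> None:
        self._ordered = list(ordered)   # evaluation order is the registration order
        self._anonymous = anonymous

    def resolve(self, ctx: ProfileRequestContext) -> Optional[RelyingPartyConfiguration]:
        # Unidentified or unverified requesters never reach the ordered list;
        # they always get the special anonymous RPC.
        if ctx.relying_party_id is None or not ctx.requester_verified:
            return self._anonymous
        # First RPC whose criteria return True wins, so order matters.
        for rpc in self._ordered:
            if rpc.criteria(ctx):
                return rpc
        # Assumption for this example: a verified requester matching no RPC gets
        # no configuration; the page does not say what the IdP does here.
        return None


# Constructed sample data, not taken from any real deployment.
SP_ID = "https://sp.example.org/shibboleth"
FEDERATION_MEMBERS = {SP_ID, "https://other.example.org/shibboleth"}

SP_RPC = RelyingPartyConfiguration(
    id="sp.example.org",
    criteria=lambda ctx: ctx.relying_party_id == SP_ID,
    profiles={
        "saml2sso": ProfileConfiguration(options={"encryptAssertions": True}),
        "saml1attrquery": ProfileConfiguration(enabled=False),
    },
)
FEDERATION_RPC = RelyingPartyConfiguration(
    id="example-federation",
    criteria=lambda ctx: ctx.relying_party_id in FEDERATION_MEMBERS,
    profiles={"saml2sso": ProfileConfiguration()},
)
ANONYMOUS_RPC = RelyingPartyConfiguration(
    id="anonymous",
    criteria=lambda ctx: False,  # never chosen by iteration, only by fallback
    profiles={},                 # nothing enabled for unverified requesters
)


def decide(resolver: RelyingPartyConfigurationResolver, ctx: ProfileRequestContext):
    """Return (selected RPC id or None, whether the requested profile is enabled)."""
    rpc = resolver.resolve(ctx)
    if rpc is None:
        return None, False
    return rpc.id, rpc.profile_enabled(ctx.profile_id)


def good_resolver() -> RelyingPartyConfigurationResolver:
    # Specific RPC registered before the broad one, so it is not shadowed.
    return RelyingPartyConfigurationResolver([SP_RPC, FEDERATION_RPC], ANONYMOUS_RPC)


def shadowing_resolver() -> RelyingPartyConfigurationResolver:
    # Same RPCs, wrong order: the federation criteria also match SP_ID, so the
    # per-SP settings (here encryptAssertions) are silently never applied.
    return RelyingPartyConfigurationResolver([FEDERATION_RPC, SP_RPC], ANONYMOUS_RPC)


if __name__ == "__main__":
    for resolver in (good_resolver(), shadowing_resolver()):
        print(decide(resolver, ProfileRequestContext(SP_ID, True, "saml2sso")))
    print(decide(good_resolver(), ProfileRequestContext(SP_ID, False, "saml2sso")))
```

The shadowing case is the one to check in a real deployment: when a per-relying-party RPC carries stricter settings than a group-wide one, the group-wide criteria must not match that relying party first, or the stricter settings are never used and nothing in the response will make that obvious.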