Profile Handling and Relying Party Configuration Management

Profile Handling

TODO

Relying Party Configuration Management

When a relying party makes a request of the identity provider, the IdP may wish to use a configuration tailored to the requester when responding. Such configurations are known as relying party configurations.

Relying Party Configuration

A relying party configuration (RPC) is a set of configuration options that apply to a given relying party. Every RPC contains, at least, a set of profile configurations.

The profile configurations indicate whether a particular communication profile is enabled for use with the relying party, along with any special configuration options for that profile. Example communication profiles are SAML 1 attribute queries, SAML 2 SSO requests, and ADFS v1 authentication requests. A profile that is not enabled in the selected RPC is not available to that relying party, whatever other RPCs enable.

Relying Party Configuration Resolver

The IdP component responsible for keeping track of the registered RPCs, and for selecting the appropriate one for a given request, is the Relying Party Configuration Resolver.

The RPC for a request is selected by iterating through the ordered list of registered RPCs and evaluating the current profile request context against each RPC's criteria. The first RPC whose criteria evaluate to true is the RPC used for the request. Because selection is first-match, the order of the list matters: an RPC with broad criteria placed early in the list shadows any more specific RPC that follows it, so the most specific RPCs should be registered first and any catch-all RPC last.

In addition, the resolver stores a special RPC that is used when the IdP deems a particular requester to be "anonymous". This usually occurs when the request does not identify the requester or the requester's identity cannot be verified. Since this RPC applies to requesters the IdP knows nothing reliable about, the profiles it enables should be limited to those the IdP is prepared to offer to any requester at all.
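The selection algorithm above (ordered first-match over each RPC's criteria, with the anonymous RPC as the path for unidentified or unverified requesters) as a small runnable model. This is an added example and not Shibboleth IdP source: the class and field names mirror the page's terms but are assumptions, the criteria are plain Python callables standing in for the IdP's own criteria mechanism, and the sample RPCs and requests are constructed. The page does not say what happens when no RPC matches, so the model returns None in that case and the sample registers a catch-all RPC last.

```python
# Added example, not Shibboleth IdP code: a minimal model of the relying party
# configuration resolver. Names and fields are assumptions; sample data is constructed.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class ProfileRequestContext:
    """What the resolver sees for one incoming request (assumed fields)."""
    relying_party_id: Optional[str]  # None when the request does not identify the requester
    verified: bool                   # False when the claimed identity could not be verified
    profile: str                     # communication profile requested, e.g. "saml2-sso"


@dataclass
class ProfileConfiguration:
    enabled: bool = True
    options: Dict[str, object] = field(default_factory=dict)


@dataclass
class RelyingPartyConfiguration:
    id: str
    criteria: Callable[[ProfileRequestContext], bool]
    profiles: Dict[str, ProfileConfiguration]

    def profile_enabled(self, profile: str) -> bool:
        """A profile is usable only if this RPC configures it and has it enabled."""
        cfg = self.profiles.get(profile)
        return cfg is not None and cfg.enabled


class RelyingPartyConfigurationResolver:
    def __init__(self, anonymous: RelyingPartyConfiguration,
                 ordered: List[RelyingPartyConfiguration]):
        self.anonymous = anonymous
        self.ordered = list(ordered)  # order is significant: first match wins

    def resolve(self, ctx: ProfileRequestContext) -> Optional[RelyingPartyConfiguration]:
        # Unidentified or unverifiable requesters never reach the ordered list.
        if ctx.relying_party_id is None or not ctx.verified:
            return self.anonymous
        for rpc in self.ordered:
            if rpc.criteria(ctx):
                return rpc
        return None  # nothing matched; the sample below avoids this with a catch-all last


# Constructed sample configuration
SAML2_SSO = "saml2-sso"
SAML1_AQ = "saml1-attribute-query"

ANONYMOUS = RelyingPartyConfiguration(
    id="anonymous",
    criteria=lambda ctx: False,  # never selected by criteria, only by the resolver's special case
    profiles={},                 # assumption: unverified requesters are offered no profiles
)

PARTNERS = RelyingPartyConfiguration(
    id="partners",
    criteria=lambda ctx: ctx.relying_party_id.endswith(".partner.example/shibboleth"),
    profiles={SAML2_SSO: ProfileConfiguration(),
              SAML1_AQ: ProfileConfiguration(enabled=False)},
)

LEGACY = RelyingPartyConfiguration(
    id="legacy-sp",
    criteria=lambda ctx: ctx.relying_party_id == "https://legacy.example.org/shibboleth",
    profiles={SAML1_AQ: ProfileConfiguration(options={"signAssertions": True})},
)

DEFAULT = RelyingPartyConfiguration(
    id="default",
    criteria=lambda ctx: True,  # catch-all: must be last, or it shadows everything after it
    profiles={SAML2_SSO: ProfileConfiguration()},
)


def build_resolver(order: List[RelyingPartyConfiguration]) -> RelyingPartyConfigurationResolver:
    return RelyingPartyConfigurationResolver(ANONYMOUS, order)


def select(resolver: RelyingPartyConfigurationResolver, rp_id: Optional[str],
           verified: bool, profile: str):
    """Return (rpc id, profile enabled?) for a request, or (None, False) if nothing matched."""
    ctx = ProfileRequestContext(rp_id, verified, profile)
    rpc = resolver.resolve(ctx)
    if rpc is None:
        return None, False
    return rpc.id, rpc.profile_enabled(profile)
```

Registering the list as [PARTNERS, LEGACY, DEFAULT] gives the expected per-requester answers; registering it as [DEFAULT, PARTNERS, LEGACY] makes every verified requester resolve to "default", which is the shadowing effect of a misplaced catch-all.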