Arno van der Vegt authored
Scoping
Scoping allows a service provider to specify a list of identity providers in an authnRequest to a proxying identity provider. This is an indication to the proxying identity provider that the service will only deal with the identity providers specified.
A common use is for a service provider in a hub-and-spoke architecture to manage its own discovery service and to tell the hub/proxy IdP which (back-end) identity provider to use. The standard discovery service in SimpleSAMLphp will show the intersection of all the known IdPs and the IdPs specified in the scoping element. If this intersection contains only one IdP, the request is automatically forwarded to that IdP.
Scoping is a SAML 2.0 specific option.
Options
SimpleSAMLphp supports scoping by allowing the following options:
ProxyCount
- Specifies the number of proxying indirections permissible between the identity provider receiving the request and the identity provider who ultimately authenticates the user. A count of zero permits no proxying. If ProxyCount is unspecified the number of proxy indirections is not limited.
IDPList
- The list of trusted IdPs, i.e. the list of entityIDs for identity providers that are relevant for a service provider in an authnRequest.
Note
SimpleSAMLphp does not support specifying the GetComplete option.
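The scoping element and the discovery behaviour described above, as an added Python example (not SimpleSAMLphp code): it parses ProxyCount and IDPList from a constructed AuthnRequest and applies the intersection rule. The entityIDs, KNOWN_IDPS, the function names and the handling of an empty intersection are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed AuthnRequest; the ID and entityIDs are sample values.
SAMPLE_REQUEST = """\
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <samlp:Scoping ProxyCount="1">
    <samlp:IDPList>
      <samlp:IDPEntry ProviderID="https://idp-a.example.org/metadata"/>
      <samlp:IDPEntry ProviderID="https://idp-x.example.org/metadata"/>
    </samlp:IDPList>
  </samlp:Scoping>
</samlp:AuthnRequest>"""

# IdPs the hypothetical proxy holds metadata for (constructed).
KNOWN_IDPS = ["https://idp-a.example.org/metadata",
              "https://idp-b.example.org/metadata"]

def parse_scoping(xml_text):
    """Return (proxy_count, idp_list); None means the value was not specified."""
    # The stdlib parser is fine for this constructed sample; use a hardened
    # XML parser for requests received from the network.
    scoping = ET.fromstring(xml_text).find("samlp:Scoping", NS)
    if scoping is None:
        return None, None
    raw = scoping.get("ProxyCount")
    proxy_count = int(raw) if raw is not None else None
    if proxy_count is not None and proxy_count < 0:
        raise ValueError("ProxyCount must be a non-negative integer")
    idp_list = None
    if scoping.find("samlp:IDPList", NS) is not None:
        idp_list = [e.get("ProviderID")
                    for e in scoping.findall("samlp:IDPList/samlp:IDPEntry", NS)]
    return proxy_count, idp_list

def discovery_decision(known_idps, proxy_count, idp_list):
    """Decide what a proxying IdP does with the scoped request."""
    if proxy_count == 0:
        return "refuse", []            # a count of zero permits no proxying
    allowed = set(idp_list) if idp_list is not None else None
    candidates = [i for i in known_idps if allowed is None or i in allowed]
    if not candidates:
        return "refuse", []            # assumption: empty intersection is rejected
    if len(candidates) == 1:
        return "forward", candidates   # single match: no chooser is shown
    return "show_discovery", candidates
```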