[Openid-specs-ab] [External Sender] Re: IDP Hint for /authorization requests
Mischa Salle
msalle at nikhef.nl
Wed Aug 3 11:43:41 UTC 2022
Hi all,
FYI in the context of research and education a very common scenario is
an OP that needs to send the user via a "discovery page" to an e.g. SAML
IdP. The discovery page typically shows all the national federation
or global eduGAIN IdPs. The requirement to be able to bypass the
discovery and direct the user to a specific IdP led several groups to
implement idphinting.
Within the AARC community we have therefore come up with a standard that
originally used a parameter named idphint that contains the URL-encoded
SAML entityID of the IdP. This has later been changed and renamed into a
parameter that's more name-collision resistant, aarc_idp_hint, see
https://zenodo.org/record/4596667
URL-encoding the value of the parameter is necessary for SAML entityIDs
which are URIs.
Best wishes,
Mischa Sallé
On Tue, Aug 02, 2022 at 03:52:42PM -0700, Vittorio Bertocci via Openid-specs-ab wrote:
> Well, there’s no guarantee that the IdP is connected to the OP/AS via OIDC-
> in fact protocol transition is super common. The actual IdP might have no
> notion of issuer.
>
> On Tue, Aug 2, 2022 at 15:50 David Waite <david at alkaline-solutions.com>
> wrote:
>
> > But wouldn’t it usually be the issuer?
> >
> > Sent from my iPhone
> >
> > > On Aug 2, 2022, at 9:50 AM, George Fletcher via Openid-specs-ab <
> > openid-specs-ab at lists.openid.net> wrote:
> > >
> > >
> > > All very relevant points. I was looking at it more as idp_hint=<string>
> > where <string> is defined by the specific OP and explicitly left out of
> > scope of the spec. All it does is standardize the name of the parameter and
> > let each implementation define its own syntax.
> >
> >
> >
> >
--
Nikhef Room 1.14
Science Park 110 Tel. +31-6-4681 2202
1098 XG Amsterdam Fax +31-20-592 5155
The Netherlands Email msalle at nikhef.nl
__ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
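
The encoding point in the message above, as an added Python example (not code from the message, the AARC guideline or any OP implementation): the relying party percent-encodes the SAML entityID into `aarc_idp_hint`, and the OP decodes it and accepts it only on an exact match against the IdPs it already knows, falling back to the discovery page otherwise. The endpoint, entityIDs, function names and the allowlist and repeated-parameter policy are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values; none come from the original message.
AUTHZ_ENDPOINT = "https://op.example.org/authorize"
KNOWN_IDPS = {
    "https://idp.example.edu/saml/metadata",
    "https://login.example.ac.uk/idp?tenant=physics&env=prod",
    "urn:example:federation:idp:campus-a",
}


def build_authz_url(entity_id, client_id, redirect_uri, state):
    """RP side: urlencode() percent-encodes the entityID, so its ':', '/',
    '?' and '&' cannot be mistaken for delimiters of the outer query."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "aarc_idp_hint": entity_id,
    }
    return AUTHZ_ENDPOINT + "?" + urlencode(params)


def resolve_idp_hint(request_url):
    """OP side: return the hinted entityID, or None to show discovery."""
    query = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    hints = query.get("aarc_idp_hint", [])
    if len(hints) != 1:          # absent or repeated: ignore the hint
        return None
    hint = hints[0]              # parse_qs has already percent-decoded it
    # Exact string match only; the hint is never used as a redirect target.
    return hint if hint in KNOWN_IDPS else None
```

An entityID that carries its own query string shows why the encoding matters: sent raw, the OP sees the value cut off at the first `&` and no longer recognises the IdP.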