No shared state IdP with external user directory
- We start with the SAML 2.0 IdP
- First, we added a deterministic NameID generation mode by adding a new NameID format setting called eduPersonTargetedId. In this mode the NameID is computed as `hex(sha1(username+entity_id+django_secret_key))`.
- The next step is to define a deterministic way of generating session indexes as `hex(sha1(NameID+django_session_key))`. Lasso automatically generates a session index when the service provider has a logout endpoint; a session index should be generated with the deterministic algorithm (after the call to `lasso_login_build_assertion`) only if Lasso has also set one.
- The final step will be to store the list of SPs for which a session is open in the Django session rather than in models; the methods to modify are `saml.common.load_session` and `saml.common.save_session`. The session index should only be saved if there is one.
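The two derivations above, as an added example that is not code from the IdP project itself. It computes the eduPersonTargetedId-style NameID and the deterministic session index exactly as written above (plain concatenation, SHA-1, hex), and models the rule that a deterministic session index is produced only when Lasso has already set one. The function names, the UTF-8 encoding of the inputs, and all sample values (username, entity ID, secret key, session key) are assumptions constructed for the example.

```python
import hashlib
from typing import Optional


def eduperson_targeted_id(username: str, entity_id: str, secret_key: str) -> str:
    """NameID as described on the page: hex(sha1(username + entity_id + django_secret_key)).

    UTF-8 encoding of the concatenated string is an assumption of this example.
    """
    data = (username + entity_id + secret_key).encode("utf-8")
    return hashlib.sha1(data).hexdigest()


def session_index(name_id: str, session_key: str) -> str:
    """Session index as described on the page: hex(sha1(NameID + django_session_key))."""
    return hashlib.sha1((name_id + session_key).encode("utf-8")).hexdigest()


def deterministic_session_index(lasso_session_index: Optional[str],
                                name_id: str, session_key: str) -> Optional[str]:
    """Replace the index Lasso generated only if Lasso set one.

    Lasso sets a session index only when the SP has a logout endpoint; when it did
    not, there is nothing to replace and nothing should be saved (returns None).
    """
    if not lasso_session_index:
        return None
    return session_index(name_id, session_key)


def is_pairwise_and_stable(username: str, sp_a: str, sp_b: str, secret_key: str) -> bool:
    """Check the two properties the format is meant to give: the same user at the
    same SP always gets the same NameID, and two different SPs get different ones."""
    a1 = eduperson_targeted_id(username, sp_a, secret_key)
    a2 = eduperson_targeted_id(username, sp_a, secret_key)
    b = eduperson_targeted_id(username, sp_b, secret_key)
    return a1 == a2 and a1 != b


if __name__ == "__main__":
    # Constructed sample values; not real identifiers or keys.
    SECRET = "constructed-django-secret-key"
    SP_A = "https://sp-a.example.invalid/saml/metadata"
    SP_B = "https://sp-b.example.invalid/saml/metadata"
    nid = eduperson_targeted_id("alice", SP_A, SECRET)
    print("NameID for alice at SP A:", nid)
    print("pairwise and stable:", is_pairwise_and_stable("alice", SP_A, SP_B, SECRET))
    # SP with a logout endpoint: Lasso set an index, so we derive ours.
    print("index (SP has logout):", deterministic_session_index("lasso-set-index", nid, "constructed-session-key"))
    # SP without a logout endpoint: Lasso set none, so nothing is generated or saved.
    print("index (no logout):", deterministic_session_index(None, nid, "constructed-session-key"))
```

The secret key is what prevents anyone outside the IdP from recomputing a user's NameID for a given SP, so the construction is only as strong as the confidentiality of `django_secret_key`; rotating that key changes every NameID the IdP issues.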