Hello,
We have a bunch of IDPs which are connected to our CAS instance via OIDC delegated auth.
Additionally, we have around 70 services which are using our CAS instance as SSO "CasRegisteredService" or "OidcRegisteredService".
For customers, it's possible to decide which IDP to use, or do some auto resolve, via URL.
Everything works perfectly fine. During onboarding of new IDPs we came across an IDP which uses no form of GUID, or other steps to make sure that the "sub" of the Identity Token is unique outside of the IDP scope.
Is there a possibility to configure that the received sub is enriched, to minimize the risk of collisions with another IDP?
If there is no possibility to do it already, would that be something useful to make a PR for?
br
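
The collision risk described in the post, shown as an added example that is not part of the original post and is not CAS configuration or CAS code. It contrasts keying a principal on `sub` alone with keying it on the `(iss, sub)` pair, which is the scope in which OIDC defines `sub` as unique. The function names, issuer URLs and token claims are constructed for illustration, and the opaque hex principal ID is an assumption about what downstream services accept.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed ID token claims: two different IdPs that both issue sub "1001".
TOKEN_A = {"iss": "https://idp-a.example", "sub": "1001"}
TOKEN_B = {"iss": "https://idp-b.example", "sub": "1001"}


def naive_principal(claims):
    """Principal keyed on sub alone: users of different IdPs can collide."""
    return claims["sub"]


def scoped_principal(claims):
    """Principal derived from the (iss, sub) pair.

    Each part is length-prefixed before hashing, so no choice of iss and sub
    can produce the same input as a different pair (no delimiter ambiguity).
    The issuer is used exactly as received, without normalization.
    """
    iss, sub = claims.get("iss"), claims.get("sub")
    if not iss or not sub:
        raise ValueError("ID token must carry both iss and sub")
    if urlsplit(iss).scheme != "https":
        raise ValueError("issuer must be an https URL")
    material = b"".join(
        len(part.encode()).to_bytes(4, "big") + part.encode()
        for part in (iss, sub)
    )
    return hashlib.sha256(material).hexdigest()


if __name__ == "__main__":
    print("naive :", naive_principal(TOKEN_A), naive_principal(TOKEN_B))
    print("scoped:", scoped_principal(TOKEN_A)[:16], scoped_principal(TOKEN_B)[:16])
```
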