For use-cases such as AWS Console access, we need to support IdP initiated SSO. This flow is described here:
We would need the ability to register SP links in Ipsilon that can be
used to perform IdP initiated SSO when clicked. The way I see this
working would be:
1. User goes to Ipsilon and logs in.
2. Registered SPs that support IdP initiated SSO are shown as links.
3. User clicks on desired SP link, which generates an assertion and does a POST to the SP (using a configurable IdP initiated URL in the SP config).
From a UI/configuration standpoint, I envision a checkbox on the SP
config page to enable IdP initiated SSO per-SP. If this is checked, you
can fill in a POST URL and the text to display for the link (a
configurable image would be a nice addition too).
milestone: => 1.1
One correction to the initial description is that the URL to POST to should come from the SP metadata instead of making it a configuration setting.
milestone: 1.1 => 1.2
owner: => rcritten
status: new => accepted
patch_available: 0 => 1
resolution: => fixed
status: accepted => closed
Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: 1.2
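
The correction in this ticket takes the POST target from the SP metadata rather than from a per-SP setting. As an added example (not Ipsilon's code), this sketch selects the HTTP-POST AssertionConsumerService that an unsolicited response would be sent to; the function name, the https-only policy, the DTD rejection and the sample metadata are assumptions of the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata (sp.example.test is a placeholder, not a real SP).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.test/saml/artifact"/>
    <AssertionConsumerService index="1" isDefault="false"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs-old"/>
    <AssertionConsumerService index="2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def _rank(endpoint):
    # SAML metadata default rule: isDefault=true, then absent, then false.
    flag = endpoint.get("isDefault")
    return 0 if flag in ("true", "1") else 1 if flag is None else 2


def idp_initiated_post_url(metadata_xml):
    """Return (entityID, ACS URL) for an unsolicited HTTP-POST response."""
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DTD in SP metadata rejected")  # no entity expansion
    root = ET.fromstring(metadata_xml)
    sp = root.find(MD + "SPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or sp is None:
        raise ValueError("not a single-SP EntityDescriptor")
    # Only endpoints that accept a browser POST are candidates (example's choice).
    posts = [e for e in sp.findall(MD + "AssertionConsumerService")
             if e.get("Binding") == HTTP_POST]
    if not posts:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")
    chosen = min(posts, key=_rank)  # min() keeps document order on ties
    url = chosen.get("Location", "")
    parts = urlsplit(url)
    # Assumed policy: the assertion is a bearer credential, so https only.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("ACS Location must be an absolute https URL")
    return root.get("entityID"), url
```

Because the URL is read from metadata, the assertion can only be posted to an endpoint the SP itself published, which is why the metadata has to come from a trusted source.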