SAML Proxy Service
To integrate SPs with special requirements into the SWITCHaai federation, SWITCH can set up a proxy service.
The proxy service is able to translate the authentication and authorization protocol between the SWITCH edu-ID IdP and the service provider. It acts as an SP towards the SWITCH edu-ID IdP, and as IdP towards the service provider.
Possible applications of the proxy service are:
- Providing attributes which are required by the service provider, that are not directly supported by the SWITCHaai federation.
Proxy Authentication Flow
- The user attempts to access a service
- The service places an authentication request at the proxy
- The proxy rewrites the authentication request which is SWITCHaai federation compliant
- The edu-ID IdP requests the user to log in
- The user authenticates
- The edu-ID IdP sends an assertion to the proxy
- The proxy rewrites the assertion in a format the service is able to process.
Note that the above flow is completely transparent for a user.
The proxy service is operated by SWITCH.
The organization having a contract with the service provider is responsible for the technical contact.
Costs for operating a proxy can be charged to an organization.