External authentication interface:

We actually need 2 methods: one to prepare the request to send to the IDP, one to handle the answer sent by the IDP:

1. Prepare request:
   * input
     o Attributes list (requested attributes + mandatory/optional)
     o QAA level
     o HTTP parameters
     o HTTP headers
     o AuProcessId (is this needed?)
   * output
     o Return IDP URL and HTTP parameters to Struts
     o Exception
2. Analyse answer:
   * input
     o HTTP parameters
     o HTTP headers
   * output
     o Fill attributes table
     o Exception

Other specific implementations:

* Attributes providers may be called from the specific authentication implementation; we do not see the need for a separate interface. Furthermore, the border between an IDP and an AP is quite vague. In case we want, for instance, to redirect to an IDP, then to redirect to 2 AP (or 3, or 5, ...), it would be rather complex to implement a generic mechanism to handle a kind of list of redirects. An easy solution is to implement the support for only one redirect, and, if someone needs more, they hide their own handling of multiple redirects behind the one we support. We then cover all cases, without complexifying the implementation.
| Hardware | None |
| Product | C-PEPS |
| Operating System | None |
| Component | Authentication Business logic |
| Version | None |
| Severity | enhancement |
| Resolution | None |
Comments
Please, see the answer in the attached text file.
Implemented in version 0.2.
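
The two-method interface requested in this ticket, written out as an added Java sketch; it is not code from C-PEPS or from the ticket's attachment. All type, method and parameter names, the `requestId` correlation parameter and the IDP URL are assumptions. It shows the analyse step rejecting an answer that matches no prepared request or that lacks a mandatory attribute.

```java
import java.util.*;
// Added sketch: every type, method and parameter name is hypothetical, not C-PEPS code.
public class ExternalAuthSketch {
    static class AuthException extends Exception { AuthException(String m) { super(m); } }
    record Redirect(String idpUrl, Map<String, String> httpParams) {} // step 1 output for Struts
    interface ExternalAuthenticator {
        // attributes: name -> true if mandatory, false if optional
        Redirect prepareRequest(Map<String, Boolean> attributes, int qaaLevel,
                Map<String, String> httpParams, Map<String, String> httpHeaders) throws AuthException;
        // Fills attributeTable from the IDP answer, or throws.
        void analyseAnswer(Map<String, String> httpParams, Map<String, String> httpHeaders,
                Map<String, String> attributeTable) throws AuthException;
    }
    /** Constructed single-redirect implementation; URL and parameter names are made up. */
    static class DemoIdp implements ExternalAuthenticator {
        private final Map<String, Map<String, Boolean>> pending = new HashMap<>();
        public Redirect prepareRequest(Map<String, Boolean> attributes, int qaaLevel,
                Map<String, String> httpParams, Map<String, String> httpHeaders) throws AuthException {
            if (attributes.isEmpty()) throw new AuthException("no attributes requested");
            String id = UUID.randomUUID().toString(); // ties the later answer to this request
            pending.put(id, new HashMap<>(attributes));
            Map<String, String> out = new LinkedHashMap<>();
            out.put("requestId", id);
            out.put("qaa", Integer.toString(qaaLevel));
            out.put("attrs", String.join(",", attributes.keySet()));
            return new Redirect("https://idp.example/login", out);
        }
        public void analyseAnswer(Map<String, String> httpParams, Map<String, String> httpHeaders,
                Map<String, String> attributeTable) throws AuthException {
            Map<String, Boolean> asked = pending.remove(httpParams.get("requestId")); // one use only
            if (asked == null) throw new AuthException("answer matches no pending request");
            for (Map.Entry<String, Boolean> e : asked.entrySet()) {
                String value = httpParams.get("attr." + e.getKey());
                if (value != null) attributeTable.put(e.getKey(), value);
                else if (e.getValue()) throw new AuthException("mandatory attribute missing: " + e.getKey());
            }
        }
    }
    public static void main(String[] args) throws AuthException {
        ExternalAuthenticator idp = new DemoIdp();
        Redirect r = idp.prepareRequest(Map.of("eIdentifier", true, "eMail", false), 3, Map.of(), Map.of());
        Map<String, String> answer = new HashMap<>(Map.of("attr.eIdentifier", "ES/BE/12345")); // constructed
        answer.put("requestId", r.httpParams().get("requestId"));
        Map<String, String> table = new HashMap<>();
        idp.analyseAnswer(answer, Map.of(), table);
        System.out.println(table); // eMail is optional, so its absence is accepted
        try { idp.analyseAnswer(answer, Map.of(), table); }            // same answer sent again
        catch (AuthException ex) { System.out.println("rejected: " + ex.getMessage()); }
    }
}
```

The sketch does not verify that the answer really came from the IDP; a real implementation would check that before trusting any attribute value.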