Issue SAML Assertions
- wqx+qmnstigwu5kzxaiskxnikzy@idp.company.ja.net
- Stefan Paetow
- hlf
- Alejandro Perez
A Moonshot Identity Provider can release information about the user that is being authenticated through the use of SAML embedded in the RADIUS traffic. This page lists the options available to an Identity Provider administrator to achieve this.
Currently, Option 1 is the preferred option as it presents the most flexible and capable solution. Option 2 lacks flexibility, and Option 3 has undesirable implications for managing attribute release.
Option 1 - The FreeRadius Moonshot SAML module
- Here you will find instructions on how to configure the ABFAB IDP FreeRadius module to issue SAML assertions from the RADIUS IdP.
Option 2 - Issuing SAML Assertions hard-coded in the RADIUS Server
- Here is information on another option for handling SAML assertions (for use with very simple deployments or for testing purposes only).
Option 3 - Using an existing SAML Identity Provider
- Here you will find instructions on what to do if your organisation already has a SAML Identity provider and wishes to re-use that to issue SAML assertions.
Option 4 - Using SAML components co-located on the RADIUS server
- This page includes instructions on how to configure software to issue SAML on the same server as the RADIUS server.