问题
As we know from this documentation ,
If you add in the SAML Request the fidp query parameter with the Home Realm Identifier value , WSO2 Identity Server can use this information and respond with the specified login.
My question is if it is possible the opposite procedure in any way. If it is possible the WSO2 Identity Server to provide (as a claim ? ) the Home Realm Identifier value in the SAML Array Response.
The question concerns the latest public available WSO2 Identity Server version (5.3.0)
回答1:
It seems like you want the list of authenticated IdP with the response. There's a service provider level configuration for this but the IdP information will be sent as a response parameter and not as a part of the SAML response.
In the management console service provider configs, expand the Local & Outbound Authentication Configuration section and tick Always send back the authenticated list of identity providers.
The response parameter name is AuthenticatedIdPs and the value is a base64 endcoded JWT.
来源:https://stackoverflow.com/questions/46887680/return-home-realm-identifier-wso2-identity-server