Used to broker between protocols, also known as "token translation". The calling client uses OIDC, and the request is translated and forwarded to a SAML broker for authentication. After successful SAML authentication, the returned assertion is validated and translated into OIDC so that the calling client can understand the response.

Note that consent is not handled by this authenticator. It has to be handled on the SAML IDP side.


| Name | Description | Default value | Mandatory |
|------|-------------|---------------|-----------|
| sp | The internal SAML service provider ID. This is the SP exposed to the SAML IDP. | N/A | Yes |
| pipeIDAssertionConsume | ID of the pipe consuming and validating the SAML assertion from the IDP | N/A | Yes |
| targetIDP | The entity ID of the SAML IDP to send the authentication request to | N/A | Yes |
| binding | SAML binding to use for sending back the assertion | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST | No |
| addsignature | Whether the authentication request sent to the SAML IDP should be signed | true | No |
| entityID | The entity ID of the internal SAML SP | N/A | Yes |
| authMethod | Value used to verify that the correct authentication method was used on the SAML IDP | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport | No |
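
The `authMethod` check from the table, sketched as an added example (not the product's own code): it compares the `AuthnContextClassRef` of every `AuthnStatement` with the configured value and fails closed. It assumes the assertion's signature has already been validated by the pipe named in `pipeIDAssertionConsume`; the function names and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Default taken from the parameter table above.
DEFAULT_AUTH_METHOD = (
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
)


def auth_method_matches(assertion_xml, config):
    """Return True only if every AuthnStatement used the configured method.

    Hypothetical helper: run it only on an assertion whose signature has
    already been verified, otherwise the class ref is attacker-controlled.
    """
    expected = config.get("authMethod", DEFAULT_AUTH_METHOD)
    root = ET.fromstring(assertion_xml)
    statements = root.findall(".//saml:AuthnStatement", SAML_NS)
    if not statements:
        # Fail closed: an assertion without an AuthnStatement proves nothing.
        return False
    for statement in statements:
        ref = statement.find(
            "saml:AuthnContext/saml:AuthnContextClassRef", SAML_NS
        )
        # Exact string comparison; a missing or different class ref is a
        # rejection (this blocks a downgrade to a weaker method).
        if ref is None or (ref.text or "").strip() != expected:
            return False
    return True


def build_assertion(class_ref):
    """Constructed, unsigned sample assertion for the demonstration only."""
    context = ""
    if class_ref is not None:
        context = (
            "<saml:AuthnStatement><saml:AuthnContext>"
            f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
            "</saml:AuthnContext></saml:AuthnStatement>"
        )
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="_constructed" Version="2.0">{context}</saml:Assertion>'
    )


if __name__ == "__main__":
    weaker = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
    print(auth_method_matches(build_assertion(DEFAULT_AUTH_METHOD), {}))
    print(auth_method_matches(build_assertion(weaker), {}))
```
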

Example Configuration

    "alias": "brokerToSAML",
    "name": "OIDCToSAMLBroker",
    "configuration": {
        "pipeIDAssertionConsume": "assertionPipeValidation",