Request Parameters


Sometimes an application will provide information that needs to be passed on to the Identity Provider.  The information can be passed in several ways:

  • http body
  • http header
  • SAML extension
  • URL parameter
  • OAuth/OpenID Claim

Similarly, the Identity provider can accept these parameters as one of the ways as listed above.  Since IDHub can orchestrate between a SAML SP and an OAuth IDP, we have built a mechanism that can pass these parameter values from one SP Type to any other IDP Type. 

Note that the parameter values will remain unchanged. 

How to configure

  1. Create a parameter name (for example "Language") in the menu item 'Request Parameters'
    This is the definition for the parameter to be passed. It can be configured on multiple Service and Identity Providers.
  2. Go to the Service provider settings (wrench icon)
    1. Add a parameter
    2. Set the SP parameter name (eg. "lang")
    3. Chose the corresponding parameter name ("Language")
    4. Define the source; how the Service Provider is passing the parameter (eg. "URL Parameter")
    5. Save and close
  3. Go to the Identity Provider settings
    1. Add a parameter
    2. Set the Identity Provider parameter name (eg. "locale")
    3. Chose the corresponding parameter name ("Language")
    4. Define the source; how the Identity Provider is receiving the parameter (eg. "Body")
    5. Save and close

Scenario for parameters

  1. User A opens a website, and changes the language to French

  2. User A wants to access a secured part of the application, the query parameter "lang=FR" is added to Authentication Request from the SP, and an equivalent parameter and value is also sent to the Identity Provider

  3. User A is redirected to IDP and the log-in screen is shown in French

Scenario for claims

  1. The user initiates a payment request (containing a recipient & amount)

  2. The banking application sends an authN request to IDHub, containing the claims "recipient" & "amount"

  3. IDHub sends the AuthN request to the banking app to confirm, passing the claims "beneficiary" and "amount"

  4. User authenticates to confirm the transaction

  5. IDP Confirms to IDHub, which in turn confirms to the Banking App that the AuthN is successful, confirming the transaction.

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.