A Moonshot Identity Provider can release information about the user that is being authenticated through the use of SAML embedded in the RADIUS traffic. This page lists the options available to an Identity Provider administrator to achieve this.
Currently, option Option 1 is the preferred option as it presents the most flexible and capable solution. Option 2 lacks flexibility, and Option 3 has undesirable implications for managing attribute release.
Option 1 -
- Here you will find instructions on how to configure software the ABFAB IDP FreeRadius module to issue SAML on the same server as the RADIUS serverassertions from the RADIUS IdP.
Option 2 - HardIssuing SAML Assertions hard-coded in the RADIUS Server
- Here is information on another option for handling SAML assertions (for use with very simple deployments or for testing purposes only).
- Here you will find instructions on what to do if your organisation already has a SAML Identity provider and wishes to re-use that to issue SAML assertions.
- This page includes instructions on how to configure software to issue SAML on the same server as the RADIUS server.