Dynamic Identity Providers¶
Previously, any Identity Providers tenants wished to integrate with has to be hardcoded within the config of the Vivvo-sp. However, making this easily configurable - without deployment - was impossible.
Now, instead of storing the necessary provider data in static files, we are able to upload Provider metadata directly to the Vivvo-sp through CitizenOne Management.
CREATE TABLE idp_metadata ( provider_id varchar(36) not null primary key, provider_name varchar(100) not null, entity_id varchar(255) null, enabled tinyint(1) not null default 0, metadata text null, metadata_url varchar(255) null, strategy text not null, app_key varchar(36) null, api_key varchar(36) null, me_endpoint varchar(255) null, cookie_domain varchar(255) null, constraint entity_id unique (entity_id), constraint provider_name_unique unique (entity_id) );
provider_id: Generated UUID on creation.
provider_name: The name used to launch the Identity Provider flow, e.g. “…/saml/launch/<provider_name>”.
entity_id: The entityID within the SAML Metadata, autopopulated when uploaded in Management.
enabled: Allows use.
metadata: The SAML metadata supplied by the Identity Provider.
metadata_url: A URL to SAML metadata supplied by the Identity Provider. Not yet implemented!
strategy: The method to use when kicking off the flow, either ‘c1’ or ‘did-auth’.
app_key: The ClientID (app_key) of the Identity Provider application.
api_key: The Client Secret (api_key) of the Identity Provider application.
me_endpoint: The endpoint at which the user’s identity may be retrieved from the Identity Provider.
cookie_domain: The domain of the Service Provider.