Dynamic Identity Providers

Previously, every Identity Provider a tenant wished to integrate with had to be hardcoded in the Vivvo-sp config, so changing the set of providers without a deployment was impossible.

Now, instead of storing the necessary provider data in static files, we are able to upload Provider metadata directly to the Vivvo-sp through CitizenOne Management.

CREATE TABLE idp_metadata
(
    provider_id     varchar(36)            not null primary key,
    provider_name   varchar(100)           not null,
    entity_id       varchar(255)           null,
    enabled         tinyint(1)             not null default 0,
    metadata        text                   null,
    metadata_url    varchar(255)           null,
    strategy        text                   not null,
    app_key         varchar(36)            null,
    api_key         varchar(36)            null,
    me_endpoint     varchar(255)           null,
    cookie_domain   varchar(255)           null,
    constraint      entity_id              unique (entity_id),
    constraint      provider_name_unique   unique (provider_name)
);
  • provider_id: A UUID generated on creation.

  • provider_name: The name used to launch the Identity Provider flow, e.g. “…/saml/launch/<provider_name>”.

  • entity_id: The entityID within the SAML Metadata, auto-populated when the metadata is uploaded in Management.

  • enabled: Whether the provider may be used to launch a flow; new providers default to 0 (disabled).

  • metadata: The SAML metadata supplied by the Identity Provider.

  • metadata_url: A URL to SAML metadata supplied by the Identity Provider. Not yet implemented!

  • strategy: The method to use when kicking off the flow, either ‘c1’ or ‘did-auth’.

  • app_key: The ClientID (app_key) of the Identity Provider application.

  • api_key: The Client Secret (api_key) of the Identity Provider application.

  • me_endpoint: The endpoint at which the user’s identity may be retrieved from the Identity Provider.

  • cookie_domain: The domain of the Service Provider.
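The following is an added example, not Vivvo-sp or CitizenOne Management code, showing how the table above is used end to end: it creates the table (the DDL as given, which SQLite also accepts), extracts the entityID from uploaded SAML metadata to auto-populate entity_id, and resolves a launch by provider_name while refusing providers that are not enabled. The sample metadata, the provider_name character set, and the function names are assumptions made for the example; sqlite3 stands in for the real database.

```python
import re
import sqlite3
import uuid
import xml.etree.ElementTree as ET

# The idp_metadata DDL from the page, reused verbatim; SQLite accepts this MySQL dialect.
IDP_METADATA_DDL = """
CREATE TABLE idp_metadata
(
    provider_id     varchar(36)            not null primary key,
    provider_name   varchar(100)           not null,
    entity_id       varchar(255)           null,
    enabled         tinyint(1)             not null default 0,
    metadata        text                   null,
    metadata_url    varchar(255)           null,
    strategy        text                   not null,
    app_key         varchar(36)            null,
    api_key         varchar(36)            null,
    me_endpoint     varchar(255)           null,
    cookie_domain   varchar(255)           null,
    constraint      entity_id              unique (entity_id),
    constraint      provider_name_unique   unique (provider_name)
);
"""

SAML_MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ALLOWED_STRATEGIES = {"c1", "did-auth"}          # the two strategies the page names
# Assumed: provider_name ends up in a URL path (…/saml/launch/<provider_name>), so keep it to a safe charset.
PROVIDER_NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,100}$")

# Constructed sample IdP metadata for the example; not from any real provider.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://idp.example.test/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


class ProviderConflict(Exception):
    """Raised when a unique constraint (entity_id or provider_name) is violated."""


def extract_entity_id(metadata_xml: str) -> str:
    """Return the entityID attribute of the md:EntityDescriptor root, or raise ValueError."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % SAML_MD_NS:
        raise ValueError("metadata root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("metadata has no entityID")
    return entity_id


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(IDP_METADATA_DDL)
    return conn


def upload_provider(conn, provider_name, metadata_xml, strategy,
                    app_key=None, api_key=None, me_endpoint=None, cookie_domain=None) -> str:
    """Store an uploaded provider (disabled by default) and return its generated provider_id."""
    if not PROVIDER_NAME_RE.match(provider_name):
        raise ValueError("provider_name contains characters not allowed in a launch path")
    if strategy not in ALLOWED_STRATEGIES:
        raise ValueError("unknown strategy %r" % strategy)
    provider_id = str(uuid.uuid4())
    entity_id = extract_entity_id(metadata_xml)    # auto-populated from the metadata, as in Management
    try:
        conn.execute(
            "INSERT INTO idp_metadata (provider_id, provider_name, entity_id, metadata, strategy,"
            " app_key, api_key, me_endpoint, cookie_domain) VALUES (?,?,?,?,?,?,?,?,?)",
            (provider_id, provider_name, entity_id, metadata_xml, strategy,
             app_key, api_key, me_endpoint, cookie_domain))
    except sqlite3.IntegrityError as exc:
        raise ProviderConflict(str(exc)) from exc
    conn.commit()
    return provider_id


def enable_provider(conn, provider_id: str) -> None:
    conn.execute("UPDATE idp_metadata SET enabled = 1 WHERE provider_id = ?", (provider_id,))
    conn.commit()


def resolve_launch(conn, provider_name: str) -> dict:
    """Look up the provider behind …/saml/launch/<provider_name>; refuse unknown or disabled ones.

    The api_key (client secret) is deliberately not returned, so it never reaches callers or logs.
    """
    row = conn.execute(
        "SELECT provider_id, entity_id, enabled, strategy, app_key, me_endpoint, cookie_domain"
        " FROM idp_metadata WHERE provider_name = ?", (provider_name,)).fetchone()
    if row is None:
        raise LookupError("unknown provider")
    if not row["enabled"]:
        raise PermissionError("provider is disabled")
    return {k: row[k] for k in ("provider_id", "entity_id", "strategy", "app_key",
                                "me_endpoint", "cookie_domain")}
```

Two points worth noting: a freshly uploaded provider is unusable until enabled, which matches the default of 0 in the DDL, and the two unique constraints mean the same IdP metadata cannot be registered twice under different names, nor one name reused for a different entityID.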