Question

I'm working on research about some new usage of SSO. Basically, I'm trying to find a way to intercept the SAML Request which is sent from the Service Provider to the Identity Provider with some kind of IdP proxy or 3rd party service, which will hold the SAML Request and provide some additional functionality to users. The desired process could look like this:

  1. User invokes a SAML request from the SP - clicks a Login button, for example
  2. User is redirected to the 3rd party service, where there is, for example, a small survey (this is a theoretical example)
  3. After submitting the survey, the user is redirected to the IdP and should continue with login

I have quite good experience with SimpleSAMLphp and configuring federation. But my attempts to find some useful information about this kind of interception have failed. I've added a super basic picture of the solution (please don't laugh :) ).

Does SAML support this kind of processing? I'm open to discussion. I was also thinking of intercepting the SAML after the user signs in on the IdP (to have redirection from the IdP to the 3rd party service proxy and then to the SP).

Thank you for your advice and your thoughts; hopefully, it's not a totally stupid question.


EDIT: During my research I came across a technology/approach called IdP Proxy. Do you think that is feasible for my purpose? Basically, a SAML IdP Proxy is a bridge or gateway between a federation of SAML IdPs and a federation of SAML SPs. More about it for example here

Solution

I don't think this is possible, it's simply beyond the protocol. The SP provides a service, the IdP is responsible for user authentication. There seems to be no place for a 3rd party service between the two.

I guess you control (at least) either the SP or the IdP. Try to implement your survey (or whatever) at the provider you control.

As an alternative, you could try to implement your own IdP including a survey (or whatever) that uses the original IdP for authentication.
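
The alternative in the last paragraph (an own IdP that uses the original IdP for authentication) is the IdP proxy pattern. The sketch below is an added example, not part of the answer and not SimpleSAMLphp code: it shows why the SP's request is re-issued rather than forwarded, since `Destination`, `Issuer` and `AssertionConsumerServiceURL` pin each request to one pair of endpoints. All URLs and the `IdpProxy` class are hypothetical; requests are unsigned and SP metadata checks are left out.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input in production
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def encode_redirect(xml):
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def decode_redirect(value, limit=65536):
    """Inverse of encode_redirect, with a cap on the inflated size."""
    raw = zlib.decompressobj(-15).decompress(base64.b64decode(value), limit)
    return ET.fromstring(raw)

def build_request(issuer, destination, acs_url):
    """Return (ID, XML) for a minimal, unsigned AuthnRequest."""
    req_id = "_" + uuid.uuid4().hex
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return req_id, (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{req_id}" Version="2.0" IssueInstant="{now}" '
        f'Destination="{destination}" AssertionConsumerServiceURL="{acs_url}">'
        f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')

class IdpProxy:
    """Acts as IdP towards the SP and as SP towards the upstream IdP."""
    def __init__(self, entity_id, sso_url, acs_url, upstream_sso_url):
        self.entity_id, self.sso_url = entity_id, sso_url
        self.acs_url, self.upstream_sso_url = acs_url, upstream_sso_url
        self.pending = {}  # upstream request ID -> (SP entity ID, SP request ID)

    def handle_sp_request(self, saml_request):
        req = decode_redirect(saml_request)
        if req.get("Destination") != self.sso_url:
            raise ValueError("AuthnRequest is not addressed to this proxy")
        sp_entity = req.findtext(f"{{{SAML}}}Issuer")
        # The extra step (the survey) would run here, before the redirect upstream.
        # The SP's request is not forwarded: a new one is issued in the proxy's name.
        new_id, xml = build_request(self.entity_id, self.upstream_sso_url, self.acs_url)
        # Kept so the upstream response (InResponseTo=new_id) can be matched and a
        # fresh response for the SP (InResponseTo=its own request ID) issued later.
        self.pending[new_id] = (sp_entity, req.get("ID"))
        return new_id, encode_redirect(xml)
```

The SP has to be configured with the proxy as its IdP, and the upstream IdP with the proxy as an SP; a request the SP addressed directly to the upstream IdP is rejected by the `Destination` check.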

Licensed under: CC-BY-SA with attribution