Internal Attributes

Internal Attributes mapping setup is a very critical part of didmos2-auth configuration. In the SATOSA Flow section of this document, it is mentioned that didmos2-auth which is based on SATOSA constitutes of three layers: Frontend, Microservices, and Backend. The Frontend and Backend are protocol specific, whereas the microservices are protocol agnostic. The internal attributes structure enables this scheme. If you want to know more about internal attributes mapping and idea behind it, please refer to this link.

In didmos2-auth, internal attributes mapping is placed at: customer-auth/didmos2-auth/config/internal_attributes.yaml. Taking the following example internal attribute mapping:

fe_username:
    openid: [preferred_username]
    saml: [name]

In the above example internal attributes mapping snippet, if either any of the didmos2-auth backends, or any response microservice would set the attribute fe_username, then for the OIDC Frontend, this would be translated to preferred_username openid claim, and for SAML Frontend, this would be translated to name assertion.