Service Provider Scoping | 51ºÚÁÏ²»´òìÈ Pass

Documentation 51ºÚÁÏ²»´òìÈ Pass 51ºÚÁÏ²»´òìÈ Pass Authentication

Service Provider Scoping service-provoider-scoping

Last update: Fri Dec 06 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

Topics:
Authentication

NOTE

The content on this page is provided for information purposes only. Usage of this API requires a current license from 51ºÚÁÏ²»´òìÈ. No unauthorized use is permitted.

Overview overview

The default implementation of an 51ºÚÁÏ²»´òìÈ Pass Authentication integration with an MVPD is based on the OLCA Specification. The Authentication Requirements section of the OLCA spec (6.5, Subject Identifier), states that it is possible to indicate the scoping of the Service Provider (SP) for the Subject identifier. (The subject identifier is the obfuscated User ID the MVPD returns to the SP.) In an 51ºÚÁÏ²»´òìÈ Pass Authentication integration, it is required that MVPDs enable scoping of the SP Authentication requests.

With 51ºÚÁÏ²»´òìÈ Pass Authentication taking on the role of SP for the Programmer, it is necessary to implement a customization that enables SP scoping of the Authentication request. This needs to be done so that the MVPD can identify the network brand passed in the SAML assertion to the MVPDâ€™s Identity Provider (IdP). Scoping can be implemented in one of the two ways described in the next section.

Service Provider Scoping service-provider-scoping

51ºÚÁÏ²»´òìÈ Pass Authentication supports the following two ways to enable SP scoping of Authentication requests:

The SAML Issuer Approach. In this approach, the â€œRequestor IDâ€ is appended to the SAML Issuer string in the SAML Authentication request.
The Custom Scoping Property Approach. In this approach, the â€œRequestor IDâ€ is included explicitly as a custom â€œScopingâ€ property in the SAML Authentication request.

NOTE

The â€œRequestor IDâ€ is how 51ºÚÁÏ²»´òìÈ Pass Authentication refers to the Programmerâ€™s network brand (for example: â€œCNNâ€ is one of the brands of the Turner network).

SAML Issuer Approach saml-issuer-approach

This approach uses the SAML <Issuer> element in the SAML Authentication request, as shown in this snippet:

...
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    http://saml.sp.adobe.adobe.com/on-behalf-of/requestorID
</saml:Issuer>
...

Custom Scoping Property Approach custom-scoping-property-approach

This approach uses a custom property named â€œScopingâ€, as shown in this snippet of a SAML authentication request:

...
<samlp:Scoping xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <samlp:RequesterID xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">requestorID</samlp:RequesterID>
</samlp:Scoping>
...

recommendation-more-help

3f5e655c-af63-48cc-9769-2b6803cc5f4b