Overview
Proposer

David Groep, Nikhef
Area

STANDARDS & PROTOCOLS

Type of work

DEVELOPMENT

Output

PROTOTYPE

History
Original proposal

OpenID Connect Federation will provide the basis for multilateral connections between RPs and OPs in a scalable way. The standard is expected to be complete in September 2022, but to actually solve the scalability challenges it should be implemented natively in the central elements of the trust fabric. Adding OIDCfed support to Shibboleth will already be taken care of, with support also from non-R&E companies, but many of the AAI proxies for research in the AARC BPA, and at research institutions, are running SimpleSAMLphp as the basis for their proxy.

Basic OpenID Connect RP and OP capabilities are now fully integrated in SimpleSAMLphp, the latter supported by the T&I incubator that enabled OP support to be integrated natively in the SSPHP core. But since we expect OIDCfed to kick off soon, and given its potential to really support scalability in OIDC, SSPHP really should grow native support for OIDCfed.

Provided that the OIDCfed specification has gone through final comment in Summer 2022, the T&I incubator is in an excellent position to add native OIDCfed support, with support for hierarchical trust path construction and the ability for policy filtering, to SSPHP, based on the previous success of its OIDC OP project.

Description of the activity
  • This activity will investigate and build a first implementation of OIDCfed for SimpleSAMLphp.
  • Run a workshop together with the proposer and other interested parties to determine the MVP.
  • Set up a test environment (probably deploying SaToSa or another pyOIDC-based product) to test against.
Ownership & Utilisation

The following parties will use the results of this activity:

T&I Service
R&E Community
External Party


Results & Deliverables

Resources

The latest spec: https://openid.bitbucket.io/connect/openid-connect-federation-1_0.html

Roland Hedberg's and Giuseppe di Marco's presentation from TNC22: https://indico.geant.org/event/1/contributions/14/attachments/15/94/OIDCfed_TNC22-2-combined.pdf

Michael Jones, 2020 Japan: https://self-issued.info/presentations/OpenID_Connect_Federation_Japan_24-Jan-20.pdf

Roland Hedberg, IdpyOIDC YouTube seminar: https://www.youtube.com/watch?v=9wDWxfc62zU


