The proposal is to use SimpleSAMLphp as an SP for the proxy, with some additional capabilities to collect data from the proxy's logs.

  • proxy = IdP, profile page is SP → "all my data" is just print($attributes)
  • Syslog server as the standard interface for pushing data from the proxy; a cron job on the SSP side processes it into the SSP profile page DB.
    → The cron job and syslog server do not even have to run on the actual SSP SP (so the job could also be e.g. a Python script), as long as the end result 'fits' in the profile page DB tables.
    → The cron job may also contain required "business logic", as not all attributes shown to the user on the "all my data" page will make sense. Some might e.g. be targeted towards specific SPs behind the proxy, and hence the value shown in "all my data" is not correct. The transactions page will be able to show the real value, however, so just use comments and other information on the "all my data" page to explain this to the user.
  • Also support OIDC
  • Revocation:
    • OIDC access token revocation is wanted; this may go directly into e.g. the SATOSA MongoDB, though perhaps an abstraction layer is needed (an API or the like)
    • SAML consent revocation may work in the same way, by directly interacting with the consent module DB
    • Probably have the implementation such that these classes can be extended
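
The syslog-to-profile-DB cron job described above could look like the following sketch. It is an added example, not code from the proposal or from SimpleSAMLphp: the `proxy-audit` log tag, the JSON payload, both table layouts and the list of SP-targeted attributes are all assumptions, and the log lines are constructed.

```python
import json
import re
import sqlite3

# Constructed sample input; the "proxy-audit" tag and JSON payload are assumed formats.
SAMPLE_LOG = '''\
2024-05-01T10:00:00Z proxy1 proxy-audit: {"user": "alice", "sp": "https://sp1.example.org", "attrs": {"mail": "alice@example.org", "eduPersonTargetedID": "a1b2"}}
2024-05-01T10:05:00Z proxy1 proxy-audit: {"user": "alice", "sp": "https://sp2.example.org", "attrs": {"mail": "alice@example.org", "eduPersonTargetedID": "c3d4"}}
2024-05-01T10:06:00Z proxy1 sshd: unrelated message
2024-05-01T10:07:00Z proxy1 proxy-audit: {truncated
'''

LINE_RE = re.compile(r"^(\S+) \S+ proxy-audit: (\{.*)$")
SP_TARGETED = {"eduPersonTargetedID"}  # assumption: attributes whose value differs per SP
NOTE = "Value differs per service; the transactions page shows what each service received."
SCHEMA = """
CREATE TABLE IF NOT EXISTS transactions (ts, uid, sp, attr, val, UNIQUE (ts, uid, sp, attr));
CREATE TABLE IF NOT EXISTS all_my_data (uid, attr, val, note, PRIMARY KEY (uid, attr));
"""

def process(lines, db):
    """Load proxy audit lines into the hypothetical profile tables; return malformed count."""
    db.executescript(SCHEMA)
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # some other program's syslog output
        try:
            rec = json.loads(m.group(2))
            uid, sp, attrs = rec["user"], rec["sp"], dict(rec["attrs"])
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed record: count it, never guess at its content
            continue
        for name, value in attrs.items():
            # Transactions keep the real value released to this SP; IGNORE makes re-runs safe.
            db.execute("INSERT OR IGNORE INTO transactions VALUES (?, ?, ?, ?, ?)",
                       (m.group(1), uid, sp, name, str(value)))
            # "All my data" keeps one row per attribute, annotated when the value is per-SP.
            db.execute("INSERT OR REPLACE INTO all_my_data VALUES (?, ?, ?, ?)",
                       (uid, name, str(value), NOTE if name in SP_TARGETED else None))
    db.commit()
    return skipped

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print("malformed records:", process(SAMPLE_LOG.splitlines(), conn))
    print(conn.execute("SELECT * FROM all_my_data ORDER BY attr").fetchall())
```

Because the transactions table is keyed on timestamp, user, SP and attribute, the job can re-read the same log file on every cron run without duplicating rows.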