AssertionConsumerService in metadata and AuthnRequest


Charles Colbourn

Mar 7, 2011, 10:46:59 AM
to simple...@googlegroups.com
Hi,

could someone help me out with this one? The consumer of this particular
SSO service could be one of a number of different hosts running the same
application, and the user needs to be redirected back to the one that
originates the request. There is the AssertionConsumerService URL in the
AuthnRequest, but the IdP always redirects to the URL specified in the
metadata (saml20-sp-remote.php). Can the redirect go to the URL
specified in the request or do I have to have a separate Issuer for each?

Thanks,

Charles

Peter Schober

Mar 7, 2011, 10:57:39 AM
to simple...@googlegroups.com
* Charles Colbourn <charles....@manheim.co.uk> [2011-03-07 16:48]:

You could have several AssertionConsumerService endpoints in the
metadata, one for each host. This works for SSO but does not work for
SLO (because only one SLO request will be sent and with the HTTP
redirect binding this means only the sessions on that one vhost will
be terminated).
Alternatively you could turn every single host into its own logical
SP, each with its own EntityDescriptor at the IdP.
-peter
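
Added example, not part of the thread and not SimpleSAMLphp's own code: a sketch of how an IdP can choose among several AssertionConsumerService endpoints registered for one SP, honouring the AuthnRequest's AssertionConsumerServiceURL only when it exactly matches a registered Location. The entity ID, host names, request ID and helper names are constructed for illustration, and the messages are unsigned sample strings.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata: one logical SP, one ACS endpoint per host.
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://app.example.org/sp">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AssertionConsumerService index="0" isDefault="true" Binding="{POST}"
      Location="https://host1.example.org/acs"/>
  <md:AssertionConsumerService index="1" Binding="{POST}"
      Location="https://host2.example.org/acs"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def make_request(**attrs):
    """Build a constructed, unsigned AuthnRequest carrying the given attributes."""
    extra = "".join(f' {k}="{v}"' for k, v in attrs.items())
    return ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            f'ID="_constructed1" Version="2.0" IssueInstant="2011-03-07T15:46:59Z"{extra}/>')

def registered_endpoints(metadata_xml):
    """Return the ACS endpoints the SP has registered in its metadata."""
    root = ET.fromstring(metadata_xml)
    return [{"index": int(e.get("index")), "default": e.get("isDefault") == "true",
             "location": e.get("Location")}
            for e in root.iter(MD + "AssertionConsumerService")]

def resolve_acs(metadata_xml, request_xml):
    """Pick the response destination; never trust a URL that is not in metadata."""
    endpoints = registered_endpoints(metadata_xml)
    request = ET.fromstring(request_xml)
    url = request.get("AssertionConsumerServiceURL")
    index = request.get("AssertionConsumerServiceIndex")
    if url is not None:
        # Exact string match only: no prefix or host-only comparison.
        chosen = [e for e in endpoints if e["location"] == url]
    elif index is not None:
        chosen = [e for e in endpoints if e["index"] == int(index)]
    else:
        # Simplified default rule: isDefault="true", else lowest index.
        chosen = ([e for e in endpoints if e["default"]]
                  or sorted(endpoints, key=lambda e: e["index"])[:1])
    if not chosen:
        raise ValueError("requested AssertionConsumerService is not registered")
    return chosen[0]["location"]
```

Rejecting an unregistered URL instead of falling back to the default keeps the assertion from being delivered anywhere the SP's metadata does not list; a real IdP would also parse incoming XML with a hardened parser and verify request signatures where required.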
