How do I specify a AssertionConsumerServiceURL?
67 views
Skip to first unread message
Rayhan Muktader
Jun 11, 2015, 3:17:39 PM6/11/15
to simple...@googlegroups.com
I am trying to setup a SP for the first time. But I cannot change the 'AssertionConsumerServiceURL' in the header. It is always 'http://myapp.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp'
This what I have in saml-20-idp-remote.php:
$metadata['https://idp-dv.mygateway.com'] = array(
'name' => array(
'en' => 'myGateway',
),
'SingleSignOnService' => 'https://idp-dv.mygateway.com/SAML/SSOService.aspx',
'SingleLogoutService' => 'https://idp-dv.mygateway.com/SAML/SSOService.aspx',
'AssertionConsumerServiceURL' => 'http://google.com',
'Location' => 'http://google.com',
);
Peter Schober
Jun 11, 2015, 8:23:11 PM6/11/15
to simple...@googlegroups.com
* Rayhan Muktader <rmuk...@gmail.com> [2015-06-11 21:17]:
What's the problem you're trying to solve?
> This what I have in saml-20-idp-remote.php:
>
> $metadata['https://idp-dv.mygateway.com'] = array(
> 'name' => array(
> 'en' => 'myGateway',
> ),
> 'SingleSignOnService' =>
> 'https://idp-dv.mygateway.com/SAML/SSOService.aspx',
> 'SingleLogoutService' =>
> 'https://idp-dv.mygateway.com/SAML/SSOService.aspx',
> 'AssertionConsumerServiceURL' => 'http://google.com',
> 'Location' => 'http://google.com',
> );
An IDP does not consume SAML assertions, as such it does not have an
AssertionConsumerServiceURL (and whatever google.com should be there),
so that's nonsense.
-peter
> I am trying to setup a SP for the first time. But I cannot change
> the 'AssertionConsumerServiceURL' in the header. It is always
> 'http://myapp.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp'
It's not configurable, so it is what it is.
> the 'AssertionConsumerServiceURL' in the header. It is always
> 'http://myapp.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp'
What's the problem you're trying to solve?
> This what I have in saml-20-idp-remote.php:
>
> $metadata['https://idp-dv.mygateway.com'] = array(
> 'name' => array(
> 'en' => 'myGateway',
> ),
> 'SingleSignOnService' =>
> 'https://idp-dv.mygateway.com/SAML/SSOService.aspx',
> 'SingleLogoutService' =>
> 'https://idp-dv.mygateway.com/SAML/SSOService.aspx',
> 'AssertionConsumerServiceURL' => 'http://google.com',
> 'Location' => 'http://google.com',
> );
AssertionConsumerServiceURL (and whatever google.com should be there),
so that's nonsense.
-peter
Rayhan Muktader
Jun 12, 2015, 9:13:19 AM6/12/15
to simple...@googlegroups.com, peter....@univie.ac.at
The problem I am trying to solve: Connect to a IDP build on .net
I examined the headers sent by other SPs and I see that they all contain AssertionConsumerServiceURL in the header. I want to put in my own AssertionConsumerServiceURL and do a dump of what is being returned by the IDP.
Peter Schober
Jun 16, 2015, 6:46:18 AM6/16/15
to simple...@googlegroups.com
* Rayhan Muktader <rmuk...@gmail.com> [2015-06-12 15:13]:
to examine "the headers sent by other SPs", you can rely on
SimpleSAMLphp following the SAML specification, which is what counts.
If you want to see what data your SSP IDP sends in a SAML response the
easiest way is to look at the SAML assertion in transit, i.e. grab it
from the web browser (e.g. using the SAML tracer extension for Mozilla
Firefox), though that will only show you the actual attributes if the
assertion is not encrypted.
Debug logging seems another possibility.
-peter
> The problem I am trying to solve: Connect to a IDP build on .net
> I examined the headers sent by other SPs and I see that they all
> contain AssertionConsumerServiceURL in the header. I want to put in my own
> AssertionConsumerServiceURL and do a dump of what is being returned by the
> IDP.
I don't know what "headers" you're talking about, and you don't need
> I examined the headers sent by other SPs and I see that they all
> contain AssertionConsumerServiceURL in the header. I want to put in my own
> AssertionConsumerServiceURL and do a dump of what is being returned by the
> IDP.
to examine "the headers sent by other SPs", you can rely on
SimpleSAMLphp following the SAML specification, which is what counts.
If you want to see what data your SSP IDP sends in a SAML response the
easiest way is to look at the SAML assertion in transit, i.e. grab it
from the web browser (e.g. using the SAML tracer extension for Mozilla
Firefox), though that will only show you the actual attributes if the
assertion is not encrypted.
Debug logging seems another possibility.
-peter
Reply all
Reply to author
Forward
0 new messages