SP Simplified Protocol Configuration and artifact resolution
Scott Koranda
skoranda at gmail.com
Tue Nov 22 22:16:27 GMT 2011
Hi,
I need to configure a specific SP (version 2.4.3) so that the
default session initiation is done using the artifact
resolution profile.
The current configuration uses the simplified form:
<SSO entityID="https://my.idp.server/idp/shibboleth" ECP="true" >
SAML2
</SSO>
<Logout>SAML2 Local</Logout>
<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
<Handler type="Status" Location="/Status" acl="127.0.0.1"/>
<Handler type="Session" Location="/Session" showAttributeValues="false"/>
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
I read on this page
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceSSO
"For advanced scenarios that require additional plugins or
options, additional explicit <SessionInitiator> elements can
be added to the end of the surrounding <Sessions> element."
Based on that I plan to add after the type="DiscoveryFeed"
Handler but before the closing </Sessions> element this:
<SessionInitiator type="SAML2" Location="/Login"
isDefault="true"
entityID="https://my.idp.server/idp/shibboleth"
ECP="true" acsIndex="3" />
<md:AssertionConsumerService Location="/SAML2/Artifact" index="3" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
Is that the correct approach?
Since protocols.xml includes
<Binding id="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" path="/SAML2/Artifact" />
will there be a conflict between the initiator plugin
resulting from the <SSO> element and the one that I have explicitly
configured?
Thanks,
Scott K
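
A configuration check for the setup described in the message above, added here as an example and not part of the original post or of the Shibboleth project. It parses the quoted elements, confirms that the initiator's acsIndex points at an explicit endpoint using the HTTP-Artifact binding, and reports any explicit endpoint whose Location is also a path in protocols.xml. The wrapper root elements, the function names and the finding strings are assumptions, and the script only reports the overlap; it does not model how the SP resolves it.

```python
import xml.etree.ElementTree as ET

ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"

# Constructed input: the elements quoted in the post; the <Sessions> wrapper and
# the md namespace declaration are assumed so the fragment parses on its own.
SESSIONS_XML = """<Sessions xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <SSO entityID="https://my.idp.server/idp/shibboleth" ECP="true">SAML2</SSO>
  <SessionInitiator type="SAML2" Location="/Login" isDefault="true"
      entityID="https://my.idp.server/idp/shibboleth" ECP="true" acsIndex="3"/>
  <md:AssertionConsumerService Location="/SAML2/Artifact" index="3"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
</Sessions>"""

# Constructed input: the single protocols.xml line quoted in the post, in an assumed root.
PROTOCOLS_XML = """<Protocols>
  <Binding id="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" path="/SAML2/Artifact"/>
</Protocols>"""


def _named(root, name):
    """Elements with the given local name, ignoring any XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def check_artifact_config(sessions_xml, protocols_xml):
    """Return findings about acsIndex resolution and endpoint path overlap."""
    sessions = ET.fromstring(sessions_xml)
    acs = {e.get("index"): e for e in _named(sessions, "AssertionConsumerService")}
    paths = {e.get("path"): e.get("id")
             for e in _named(ET.fromstring(protocols_xml), "Binding")}
    findings = []
    for si in _named(sessions, "SessionInitiator"):
        idx = si.get("acsIndex")
        if idx is None:
            continue
        target = acs.get(idx)
        if target is None:
            findings.append(f"acsIndex {idx}: no explicit AssertionConsumerService has this index")
        elif target.get("Binding") != ARTIFACT:
            findings.append(f"acsIndex {idx}: endpoint binding is {target.get('Binding')}")
    for e in acs.values():
        if e.get("Location") in paths:
            findings.append(f"path overlap: {e.get('Location')} is an explicit endpoint and "
                            f"a protocols.xml path for {paths[e.get('Location')]}")
    return findings


if __name__ == "__main__":
    for finding in check_artifact_config(SESSIONS_XML, PROTOCOLS_XML):
        print(finding)
```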