SP Simplified Protocol Configuration and artifact resolution

Scott Koranda skoranda at gmail.com
Tue Nov 22 22:16:27 GMT 2011


I need to configure a specific SP (version 2.4.3) so that the
default session initiation is done using the artifact
resolution profile.

The current configuration uses the simplified form:

<SSO entityID="https://my.idp.server/idp/shibboleth" ECP="true" >

<Logout>SAML2 Local</Logout>

<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
<Handler type="Status" Location="/Status" acl=""/>
<Handler type="Session" Location="/Session" showAttributeValues="false"/>
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>

I read on this page


"For advanced scenarios that require additional plugins or
options, additional explicit <SessionInitiator> elements can
be added to the end of the surrounding <Sessions> element."

Based on that, I plan to add this after the type="DiscoveryFeed"
Handler but before the closing </Sessions> element:

<SessionInitiator type="SAML2" Location="/Login"
     ECP="true" acsIndex="3" />

<md:AssertionConsumerService Location="/SAML2/Artifact" index="3" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>

Is that the correct approach?

Since protocols.xml includes

<Binding id="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" path="/SAML2/Artifact" />

will there be a conflict between the initiator plugin
resulting from the <SSO> element with that I have explicitly


Scott K
