IdP/SP connection

Cantor, Scott cantor.2 at
Fri Jan 20 14:57:31 GMT 2012

On 1/20/12 5:32 AM, "enache alex" <alex_e_fii at> wrote:

>I'm having trouble figuring out how exactly does the IdP know to which
>end point to send the assertion. For example, the IdP receives an
>AuthnRequest and it must issue the assertion. But how does the IdP
>chooses to which end point of the SP to send that assertion?

The SP includes the URL to respond to in the request. The URL is generated
by the SP based on the resource being accessed to ensure the same virtual
host is used. The URL in turn has to be in the metadata.

As Rod said, your excerpt indicates your entityID and URLs are
nonsensical. You must assign a logical entityID. That is explained in the
wiki. You must also configure the web server or in the case of IIS the
<ISAPI> element in the SP configuration to understand its virtual host

>Some configuration excerpts would be great.

The excerpts are already in the files. We can't tell you anything when we
don't know anything about your systems or your intent.

-- Scott

More information about the users mailing list