IdP/SP connection
Cantor, Scott
cantor.2 at osu.edu
Fri Jan 20 14:57:31 GMT 2012
On 1/20/12 5:32 AM, "enache alex" <alex_e_fii at yahoo.com> wrote:
>I'm having trouble figuring out how exactly does the IdP know to which
>end point to send the assertion. For example, the IdP receives an
>AuthnRequest and it must issue the assertion. But how does the IdP
>chooses to which end point of the SP to send that assertion?
The SP includes the URL to respond to in the request. The URL is generated
by the SP based on the resource being accessed to ensure the same virtual
host is used. The URL in turn has to be in the metadata.
As Rod said, your excerpt indicates your entityID and URLs are
nonsensical. You must assign a logical entityID. That is explained in the
wiki. You must also configure the web server or in the case of IIS the
<ISAPI> element in the SP configuration to understand its virtual host
identity.
>Some configuration excerpts would be great.
The excerpts are already in the files. We can't tell you anything when we
don't know anything about your systems or your intent.
-- Scott
More information about the users
mailing list