Alternate SSO URL for SP

Ian Young ian at iay.org.uk
Fri Jun 8 14:41:09 BST 2012


On 8 Jun 2012, at 14:18, Cantor, Scott wrote:

> The SP only knows what IdP to use. That's the only thing you can give to
> initiate a session, and from there it looks up the entity, chooses the
> bindings you configure it with (it usually just defaults that) and finds
> the SSO URL to use. There is no option to give it a location to use.
> That's what metadata is for.

I guess I was engaging in some sloppy thinking; it's possible to use arbitrary URLs as long as you're talking about SAML 1.1 and the Shibboleth authentication request but not if you're using SAML 2.0.

> If you want different SPs to interact with a single entityID at different
> locations, you would in general have to supply them with different
> metadata.

Just to clarify this a little, what it sounds like you'd want in this case is for the VLE to be fed with custom metadata for the IdP so that it would use a different SSO location.

	-- Ian
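
The lookup discussed in this message, as an added example (not part of the original post and not Shibboleth's own code): the SP is given only an entityID, and the SSO location comes from whichever metadata it was fed, so custom metadata for the same entityID sends it to a different endpoint. The entityID, URLs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
IDP = "https://idp.example.org/idp/shibboleth"  # constructed entityID


def idp_metadata(entity_id, endpoints):
    """Build constructed sample metadata; endpoints is [(binding, location), ...]."""
    sso = "".join(
        f'<md:SingleSignOnService Binding="{b}" Location="{loc}"/>'
        for b, loc in endpoints
    )
    return (
        '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
        f'entityID="{entity_id}"><md:IDPSSODescriptor '
        'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        f"{sso}</md:IDPSSODescriptor></md:EntityDescriptor>"
    )


# Same entityID described by two metadata documents (all URLs constructed).
FEDERATION_MD = idp_metadata(IDP, [
    (REDIRECT, "https://idp.example.org/idp/profile/SAML2/Redirect/SSO"),
    (POST, "https://idp.example.org/idp/profile/SAML2/POST/SSO"),
])
VLE_MD = idp_metadata(IDP, [
    (REDIRECT, "https://idp-vle.example.org/idp/profile/SAML2/Redirect/SSO"),
])


def resolve_sso_url(metadata_xml, entity_id, binding_preference):
    """Return (binding, location) for entity_id, honouring the SP's binding order."""
    root = ET.fromstring(metadata_xml)
    # iter() also matches the root, so a lone EntityDescriptor or an
    # EntitiesDescriptor aggregate are both handled.
    for entity in root.iter(MD + "EntityDescriptor"):
        if entity.get("entityID") != entity_id:
            continue
        path = f"{MD}IDPSSODescriptor/{MD}SingleSignOnService"
        offered = {e.get("Binding"): e.get("Location") for e in entity.iterfind(path)}
        for binding in binding_preference:
            if binding in offered:
                return binding, offered[binding]
        raise LookupError("no SSO endpoint for any configured binding")
    raise LookupError("entityID not present in metadata")


if __name__ == "__main__":
    for name, md in (("federation", FEDERATION_MD), ("VLE", VLE_MD)):
        print(name, resolve_sso_url(md, IDP, [REDIRECT, POST]))
```

Because the metadata alone decides where the user's browser is sent to authenticate, a per-SP metadata file like the second one needs the same provenance checks as the federation's copy.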


