Specify the SingleSignOnService HTTP-Redirect URL to use?
trscavo at gmail.com
Thu Feb 7 12:33:16 EST 2013
On Thu, Feb 7, 2013 at 12:17 PM, Terry Fleury <tfleury at illinois.edu> wrote:
> Our SP needs to connect to an IdP which has multiple SingleSignOnService
> endpoints of type "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
> and we need to connect to the second one configured in the metadata.
I'd call that a bug. Is this InCommon metadata?
> By default, site1.example.com is utilized since it appears first in the
> metadata. The only way I could figure out to use site2.example.com was
> to delete site1.example.com from the metadata. This is not a viable
> solution for the InCommon metadata file.
That answers my previous question ;-)
> (1) Is it possible for the SP to specify to connect to
> site2.example.com, either programmatically (e.g., by using
> SessionInitiator creation parameters) or via configuration?
No. AFAIK, only one SingleSignOnService endpoint per binding is
allowed in IdP metadata.
> (2) If not (1), would this be something that could easily be
> implemented? If so, I would be happy to submit a feature request.
I don't think that's possible.