Specify the SingleSignOnService HTTP-Redirect URL to use?

Tom Scavo trscavo at gmail.com
Thu Feb 7 12:33:16 EST 2013

On Thu, Feb 7, 2013 at 12:17 PM, Terry Fleury <tfleury at illinois.edu> wrote:
> Our SP needs to connect to an IdP which has multiple SingleSignOnService
> endpoints of type "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
> and we need to connect to the second one configured in the metadata.

I'd call that a bug. Is this InCommon metadata?

> By default, site1.example.com is utilized since it appears first in the
> metadata. The only way I could figure out to use site2.example.com was
> to delete site1.example.com from the metadata. This is not a viable
> solution for the InCommon metadata file.

That answers my previous question ;-)

> (1) Is it possible for the SP to specify to connect to
> site2.example.com, either programatically (e.g., by using
> SessionInitiator creation parameters) or via configuration?

No. AFAIK, only one SingleSignOnService  endpoint per binding is
allowed in IdP metadata.

> (2) If not (1), would this be something that could easily be
> implemented? If so, I would be happy to submit a feature request.

I don't think that's possible.


More information about the users mailing list