Multiple Services on One SP
Jason
shibboleth at happycat.org.uk
Mon Jan 21 23:41:32 EST 2013
Hi All:
I'm working to set up integration between a Shibboleth IdP and a
service provider that hosts multiple web applications.
That is, the service provider has a single ACS URL, and the webapp
that the end user will be redirected to depends on the value of custom
attributes that I pass in the SAML assertion.
Since we're using an IdP-initiated login flow, end users would
normally be given a URL like this to get to a web application:
https://idp.domain.com/idp/profile/SAML2/Unsolicited/SSO?providerId=[SP ACS URL]
The problem is that I'm not sure of a good way to control the value of
the custom attributes except by using the attribute resolver.
For example, if the "Application" attribute has a value of "2" in the
SAML assertion, the end user would be redirected to application #2 on
the service provider. Is there any way that I can specify what the
custom attribute value should be using some value in the URL?
I know something like:
https://idp.domain.com/idp/profile/SAML2/Unsolicited/SSO?providerId=[SP
ACS URL]?Application=2
wouldn't work, but is there any other way to accomplish this?
--Jason
More information about the users
mailing list