Shibboleth and TMASystems
Nate Klingenstein
ndk at internet2.edu
Mon Jun 3 08:10:30 EDT 2013
Brent,
> We are expected to send the SAML response to a specific URL as in samlservice.aspx that will then consume the response. From what I see in the documentation, the ACS URLs are virtual, not literal. In our case, we are trying to send the response to a literal ACS URL.
I'm not sure how you're distinguishing between a "literal" URL and a "virtual" one, even with the example. Maybe you're just referring to the query string? There's no actual "file" at /Shibboleth.sso/ either.
Either way, from the IdP's perspective, the internal hosting architecture of the SP is opaque. It just needs to know a trusted place to send the user back to with the assertion in hand.
> For example instead of the ACS URL http://webtma.umaryland.edu/Shibboleth.sso/SAML2/POST, I need to send directly to http://webtma.umaryland.edu/tmalogin/samlservice.aspx?c=umb
Then that's the URL that should be in their metadata and in the AuthnRequest. I believe the IdP will honor ACS URLs with query strings, but it's not a common use case, so this will be the first place to start looking should you have an issue.
Thanks,
Nate.
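
An added example (not part of the original message, and not the IdP's own code): a check of the kind discussed above, that the ACS URL named in an AuthnRequest is one the SP registered in its metadata. It assumes an exact string comparison with the query string included; the metadata, its placeholder entityID and the requests are constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# ACS URL from the thread, query string included.
ACS = "http://webtma.umaryland.edu/tmalogin/samlservice.aspx?c=umb"

# Constructed SP metadata; the entityID is a placeholder.
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="https://sp.example.org/placeholder">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1" Binding="{POST_BINDING}" Location="{ACS}"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def authn_request(acs_url):
    """Build a constructed, minimal AuthnRequest naming the given ACS URL."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" ID="_constructed1" '
            f'Version="2.0" IssueInstant="2013-06-03T12:00:00Z" '
            f'ProtocolBinding="{POST_BINDING}" AssertionConsumerServiceURL="{acs_url}"/>')


def registered_endpoints(metadata_xml):
    """Return the set of (Binding, Location) pairs the SP registered."""
    root = ET.fromstring(metadata_xml)
    path = "md:SPSSODescriptor/md:AssertionConsumerService"
    return {(e.get("Binding"), e.get("Location")) for e in root.findall(path, NS)}


def acs_is_registered(metadata_xml, request_xml):
    """True only if the request's binding and ACS URL match a metadata entry exactly."""
    req = ET.fromstring(request_xml)
    wanted = (req.get("ProtocolBinding"), req.get("AssertionConsumerServiceURL"))
    return wanted in registered_endpoints(metadata_xml)


if __name__ == "__main__":
    candidates = (
        ACS,                 # matches the metadata entry
        ACS.split("?")[0],   # same path, query string dropped
        "http://webtma.umaryland.edu/Shibboleth.sso/SAML2/POST",
    )
    for url in candidates:
        print(url, "->", acs_is_registered(SP_METADATA, authn_request(url)))
```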