Ordering of ACS endpoints
Peter Schober
peter.schober at univie.ac.at
Wed Dec 9 07:07:56 EST 2015
* Robert Lowe <robertmlowe at rmlowe.com> [2015-12-09 12:58]:
> > See also
> > https://issues.shibboleth.net/jira/browse/SSPCPP-672
>
> Thanks Rod. That looks like it might explain the behavior, although I do
> not understand what is meant by “sorted by location.”
The Shibboleth SP software partially encodes the protocol binding into
the URL of the AssertionConsumerService/@Location XML attribute, e.g.
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sp.example.org/Shibboleth.sso/SAML2/Artifact" index="2"/>
If you sorted that by Location then Artifact would come first (as
would SAML[1] before SAML2, I would imagine).
None of these problems exist if you generate SP metadata using the
provided `metagen.sh` script (`shib-metagen` on Debian and friends)
from the SP distribution.
-peter
More information about the users
mailing list