IdP 3.x artifact resolution configuration flexibility
Cantor, Scott
cantor.2 at osu.edu
Thu May 28 10:42:38 EDT 2015
On 5/28/15, 2:20 PM, "Scott Koranda" <skoranda at gmail.com> wrote:
>I am inquiring about the Shibboleth IdP v 3.1.1 or later.
>
>Suppose I want to specify the EndpointIndex the IdP is to
>include in the artifact it sends in response to an
><AuthnRequest> with the HTTP-Artifact binding.
>
>Would that be possible with "configuration only"?
Yes, it's in idp.properties, or you might want to factor it into a
separate property file I guess to limit the "node-specific" content to
just one property.
# May differ to direct SAML 2 artifact lookups to specific server nodes
#idp.artifact.endpointIndex = 2
(The reason it defaults to 2 is that the SAML 1 endpoint gets assigned "1"
in the example metadata.)
With the newer RP config, you can certainly override this in the file, but
by default it will be set based on the property.
I'm going to take a guess that you tried this and it didn't work, so
there's probably a bug...
-- Scott
More information about the users
mailing list