IdP 3.x artifact resolution configuration flexibility

Scott Koranda skoranda at
Thu May 28 10:45:05 EDT 2015

> On 5/28/15, 2:20 PM, "Scott Koranda" <skoranda at> wrote:
> >I am inquiring about the Shibboleth IdP v 3.1.1 or later.
> >
> >Suppose I want to specify the EndpointIndex the IdP is to
> >include in the artifact it sends in response to an
> ><AuthnRequest> with the HTTP-Artifact binding.
> >
> >Would that be possible with "configuration only"?
> Yes, it's in, or you might want to factor it into a 
> separate property file I guess to limit the "node-specific" content to 
> just one property.
> # May differ to direct SAML 2 artifact lookups to specific server nodes
> #idp.artifact.endpointIndex = 2


> (The reason it defaults to 2 is that the SAML 1 endpoint gets assigned "1" 
> in the example metadata.)
> With the newer RP config, you can certainly override this in the file, but 
> by default it will be set based on the property.
> I'm going to take a guess that you tried this and it didn't work, so 
> there's probably a bug...

No, I simply overlooked it. Sorry for the noise.

I will be testing it and will let you know if I do see an


Scott K

More information about the users mailing list