Allowing the Metadata to determine end-points
Antony den Dulk
antony at selestiasolutions.com
Wed Jan 27 07:27:37 EST 2016
I have received the following from another person using Shibboleth:
"SAML 2.0 specifies different methods to assert an authentication request.
Shibboleth out-of-the-box uses the method called 'non-specified' while our
system uses the 'basic' method."
Seemingly the one of the differences between the 2 methods is that when
sending an authentication request the 1st method (Shibboleth standard)
sends the AssertionConsumerServiceURL while the basic does not. The effect
of the 2nd method is that the Metadata is used to determine the
AssertionConsumerServiceURL allowing the setup of various reverse-proxy
scenaries.
I have heard from another person that there is a way to arrange this in
Shibboleth but they do not have details on how.
Searching the documentation does not give me any details on how to do this
(I am probably searching using the wrong search terms or the 2nd person is
mistaken).
What do I need to configure in Shibboleth to have it use the 'basic' method?
Thanks,
Antony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160127/b69831a5/attachment.html>
More information about the users
mailing list