Add static/custom attribute with ACS Url
Santu Ghosh
mon.snahasish at gmail.com
Wed Feb 7 16:15:12 EST 2018
Thanks for your reply.
>but in an IdP-initiated flow, the IdP can
add whatever RelayState value the SP will understand (presumably by
prior agreement).
Can you please give me an example how to add an parameter in an ACS url ??
On Feb 8, 2018 1:58 AM, "Tom Scavo" <trscavo at gmail.com> wrote:
On Wed, Feb 7, 2018 at 1:40 PM, Santu Ghosh <mon.snahasish at gmail.com> wrote:
>
> I have an SP with entityId https://xxx.com/shibboleth-sp.
> More than 4 IdP are connected with my SP. Among them 3 using SP initiated
> and one used IdP initiated authentication. Now the IDP who use IdP
initiated
> flow try to execute SP's ACE URL i,e, https://xxx.com/shibboleth-sp in
their
> end.
Oops, apparently you typed your entityID twice.
> After executing above mentioned url , user of that Idp are redirected to
> error page. Because when SP received the requested url in ACS location, SP
> is unable to distinguished IDP's identity. As a result they are redirected
> to error page.
The IdP's identity is in the SAML assertion.
> Is it possible to add an custom/static parameter with the ACS URL ?
Have you considered using RelayState? In an SP-initiated flow, the SP
determines the RelayState, but in an IdP-initiated flow, the IdP can
add whatever RelayState value the SP will understand (presumably by
prior agreement).
Tom
--
For Consortium Member technical support, see https://wiki.shibboleth.net/
confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.
net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180207/89717a54/attachment.html>
More information about the users
mailing list