ShibbolethSP+ADFS and vhosts

Peter Schober peter.schober at univie.ac.at
Thu Feb 15 12:52:03 EST 2018


* Gahring, David A <gahringd at palmbeachstate.edu> [2018-02-15 17:48]:
> What is the best way (SP initiated, IDP initiated, etc..) to both
> provide a username value to ADFS for the logon form, as well as
> return to the requesting (or specific) vhost where the signon was
> initiated?

Assuming SAML as the protocol to be used I don't think you can legally
add anything to the SAML authentication request, unless you extend the
XML properly, and even if you did that the IDP would have to know what
to look for.
Not that I understood anything from your post, really, neither the
load-balancing thing with separate vhosts for each Tomcat instance,
nor the many ADFS-specifics things.
-peter


More information about the users mailing list