ShibbolethSP+ADFS and vhosts

Peter Schober peter.schober at
Thu Feb 15 12:52:03 EST 2018

* Gahring, David A <gahringd at> [2018-02-15 17:48]:
> What is the best way (SP initiated, IDP initiated, etc..) to both
> provide a username value to ADFS for the logon form, as well as
> return to the requesting (or specific) vhost where the signon was
> initiated?

Assuming SAML as the protocol to be used I don't think you can legally
add anything to the SAML authentication request, unless you extend the
XML properly, and even if you did that the IDP would have to know what
to look for.
Not that I understood anything from your post, really, neither the
load-balancing thing with separate vhosts for each Tomcat instance,
nor the many ADFS-specifics things.

More information about the users mailing list