Processing HTTP_Redirect from idp

Cantor, Scott cantor.2 at
Fri Nov 2 13:02:11 EDT 2018

On 11/2/18, 11:22 AM, "users on behalf of Will Knight" <users-bounces at on behalf of wknight at> wrote:

> We are in the process of moving entityID's.

Don't do that. EntityIDs are not supposed to change.
>  I don't know how "example idp" has theirs configured but in the case they have explicitly named the corresponding SP's
> entityID, and they are still pointing at the old one, is the HTTP redirect indicative of that situation?

I don't know what you mean by "the HTTP redirect".

> For example, the example idp is setup to use this link: 

IdPs shouldn't be "set up" to use links. Your SP should be the starting point, and this is one reason why, it avoids needless coupling. SSO is meant to be SP-initiated, not IdP-initiated.
> and we are trying to test their configuration using: 

That parameter in the SP's /Login URL is their entityID, not yours. So it wouldn't change. And the URL at which you're invoking the SP is also not the entityID of either IdP or SP, it's just a location.

Are you under the impression that your entityID has anything to do with your physical server location? It does not. By definition it cannot, that's its purpose. It's an indirection between who you are and where you are so that referring to the SP by name doesn't have to ever break.

-- Scott

More information about the users mailing list