Zoho Help SP claims no metadata

[Baron Fujimoto]

On Tue, Jun 16, 2020 at 11:49:10PM +0000, Cantor, Scott wrote:
>On 6/16/20, 7:37 PM, "users on behalf of Baron Fujimoto" <users-bounces at shibboleth.net on behalf of baron at hawaii.edu> wrote:
>
>> At the risk of sounding more dense, I see in the documentation where the relay state maybe configured via the target
>> parameter, but I'm missing specifically *where* these unsolicited SSO endpoints should be configured. The examples in
>> the Shibboleth docs aren't clear to me on this.
>
>Endpoint (not endpoints), and...nowhere. It just exists [1] same as all of them do. You don't "configure" the normal endpoints either (from the point of view of the IdP end).
>
>If you're talking about configuring some of the more unusual options, there's no difference. The same options are settable on the SAML2.SSO profile bean in either case. There's no profile bean specific to this use case, it's SAML2.SSO regardless.
>
>I doubt that's what you're asking anyway,  but sometimes that isn't clear to people.
>
>-- Scott
>
>[1] /idp/profile/SAML2/Unsolicited/SSO

I'm afraid I'm missing something fundamental that I'm not picking up from the documentation or from this thread. Given that endpoint, and assuming it may require some additional parameters such as target and perhaps providerId, where does it *go*? I mean, I think I get that /idp/profile/SAML2/Unsolicited/SSO just exists, but how do you tailor any specific options to a particular SP?

Surely *something* must distinguish them? Is it on the IdP side (A modified SAML.SSO bean? Where would that be done? Based on the documentation structure, I'm assuming RelyingParty, but I find myself at a loss for any good leads). Something purely on the SP side and coming from the SP? 

Clearly I have a gap in understanding something basic here, but I don't know what I don't know.

-- 
UH Information Technology Services : Identity & Access Mgmt, Middleware
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum