SP3 multiple vhosts with acs index

VANNIER, LAURENT laurent.vannier at airbus.com
Wed Jun 16 13:41:05 UTC 2021


I'm using Shibboleth SP3 on Windows IIS with multiple vhosts having the
same SP entityid and trying to federate all these vhosts with an IdP that
supports multi ACS by using acsindex.

I'm able to provide an acsindex in the authnrequest with acsByIndex="true"
in the SSO object.
In the metadata, I'm using EndpointBase to automatically add the
additional endpoints for the vhosts.

When using acsindex="1" or "2" in the SSO object (or through query params),
it seems possible to provide the required value in the authnrequest for
each vhost.
However, when using acsindex="3", I get an error 500 with message "artifact
binding selected for response, but identity provider lacks support" in the
logs without the authnrequest being generated.
I noticed that when changing the order of lines of the SSO SAML2 bindings
in the protocols.xml file, this error occurs with acsindex="2", so I see
that there is a 'relation' between the acsindex given in this file and
apparently not with the acsindex that are generated in the SP metadata for
the various endpoints. Which is not what I was expecting.

Any idea how to configure the acsindex value depending on the vhost that is

Thanks for your help.

The information in this e-mail is confidential. The contents may not be disclosed or used by anyone other than the addressee. Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, please notify Airbus immediately and delete this e-mail.
Airbus cannot accept any responsibility for the accuracy or completeness of this e-mail as it has been sent over public networks. If you have any concerns over the content of this message or its Accuracy or Integrity, please contact Airbus immediately.
All outgoing e-mails from Airbus are checked using regularly updated virus scanning software but you should take whatever measures you deem to be appropriate to ensure that this message and any attachments are virus free.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210616/145af4e3/attachment.htm>

More information about the users mailing list