Menu
▾
▴
Re: [Unity-idm-discuss] Support for multiple SAML assertion consumer service endpoints for a single SAML SP
|
From: Krzysztof B. <kb...@un...> - 2017-09-17 19:30:50
|
Hi Willem, W dniu 14.09.2017 o 14:20, Willem Elbers pisze: > Hello Krzysztof, > > does unity (we are still on version 1.9.6) support multiple assertion > consumer (ACS) endpoints (with different hostnames) for a single SAML SP? > > We have integrated a SAML SP with a separate ACS for each application > they host via that SP, as described in the shibboleth documentation [1] > under 'Applications'. See the attached metadata for an example. > > None of these locations seems to work and throw a > "eu.unicore.samly2.exceptions.SAMLRequesterException: > AssertionConsumerServiceURL in request > (https://registries.clarin-dariah.eu/Shibboleth.sso/SAML2/POST) is not > among trusted endpoints of the issuer." error. > > There is no information in the unity log file (log level = DEBUG) > indicating any issue with this SP > (entityID="https://clarin.oeaw.ac.at/shibboleth"). > > Any help to fix this issue is greatly appreciated. Please let me know if > you need more information. Unfortunately as of now we support only one endpoint per each type of endpoint for trusted SP (i.e. one HTTP Web-SSO, one HTTP SLO-Redirect, ...). The first one from metadata is taken. If you need support for multiple endpoints please write or open a ticket directly. Best, Krzysztof |
