From: D B. <ba...@aw...> - 2017-10-24 14:22:03

Hi,

I'm trying to set up Unity as a SAML hub/bridge by connecting it to an upstream Shibboleth SAML IdP. I first tried this while running Unity on the preconfigured port 2443 - but I noticed that the SP XML configuration file and the AuthnRequests generated by Unity don't specify the port in URLs. After I logged in with the IdP, this led to a timeout when my browser was redirected to Unity's AssertionConsumerService - which couldn't be found at the given URL since the port wasn't correct.

Is this intentional? If so, can the port of Unity's SAML SP consumers be configured and how?

Example SP metadata XML produced by Unity (no ports in the URLs):

    <urn:EntityDescriptor entityID="SomeEntityID" xmlns:urn="urn:oasis:names:tc:SAML:2.0:metadata">
      <urn:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
        <urn:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://192.168.42.42/unitygw/spSAMLResponseConsumer" isDefault="true"/>
        <urn:AssertionConsumerService index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://192.168.42.42/unitygw/spSAMLResponseConsumer" isDefault="false"/>
      </urn:SPSSODescriptor>
    </urn:EntityDescriptor>

Example AuthnRequest produced by Unity (no ports in the URL):

    <?xml version="1.0" encoding="UTF-8"?>
    <urn:AuthnRequest xmlns:urn="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://192.168.42.42/unitygw/spSAMLResponseConsumer" Destination="https://my-shibboleth-idp.org:443/idp/profile/SAML2/Redirect/SSO" ID="SAMLY2lib_msg_41c326779d8ac2146cfca15dd5ddc6794898f6f9f31ba97d" IssueInstant="2017-10-24T14:01:21.103Z" Version="2.0">
      <urn1:Issuer xmlns:urn1="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">SomeEntityID</urn1:Issuer>
      <urn:NameIDPolicy AllowCreate="true"/>
    </urn:AuthnRequest>

Thanks!
D
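The mismatch described in the post (ACS URLs published without the port the SP actually listens on) is the kind of thing worth checking before metadata is handed to an IdP, since the IdP will POST the SAML Response to exactly the Location it has on file. The following is an added example, not code from the post or from the Unity project: it parses SP metadata, compares every AssertionConsumerService Location (scheme, host and effective port) against the base URL the SP is really served on, reads the AssertionConsumerServiceURL out of an AuthnRequest, and can rewrite the Locations to the correct origin. The embedded metadata and AuthnRequest are the ones quoted above; the expected base URL `https://192.168.42.42:2443` is an assumption taken from the port mentioned in the post.

```python
"""Check SAML SP metadata ACS Locations against the SP's real base URL.

Added example (not Unity's code). Sample XML is the metadata and AuthnRequest
quoted in the post above; the expected base URL with port 2443 is assumed.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# SP metadata as quoted in the post (no port in the Location URLs).
SP_METADATA = """<urn:EntityDescriptor entityID="SomeEntityID" xmlns:urn="urn:oasis:names:tc:SAML:2.0:metadata">
  <urn:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
    <urn:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://192.168.42.42/unitygw/spSAMLResponseConsumer" isDefault="true"/>
    <urn:AssertionConsumerService index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://192.168.42.42/unitygw/spSAMLResponseConsumer" isDefault="false"/>
  </urn:SPSSODescriptor>
</urn:EntityDescriptor>"""

# AuthnRequest as quoted in the post (XML declaration omitted for fromstring()).
AUTHN_REQUEST = """<urn:AuthnRequest xmlns:urn="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://192.168.42.42/unitygw/spSAMLResponseConsumer" Destination="https://my-shibboleth-idp.org:443/idp/profile/SAML2/Redirect/SSO" ID="SAMLY2lib_msg_41c326779d8ac2146cfca15dd5ddc6794898f6f9f31ba97d" IssueInstant="2017-10-24T14:01:21.103Z" Version="2.0">
  <urn1:Issuer xmlns:urn1="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">SomeEntityID</urn1:Issuer>
  <urn:NameIDPolicy AllowCreate="true"/>
</urn:AuthnRequest>"""

# Assumed: the base URL Unity is actually reachable on (port 2443 per the post).
EXPECTED_BASE = "https://192.168.42.42:2443"


def effective_port(url):
    """Port a browser will connect to: explicit port, else the scheme default."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return {"https": 443, "http": 80}.get(parts.scheme)


def url_origin(url):
    """(scheme, host, effective port) triple, which is what must match for the
    IdP's redirect/POST to reach the SP endpoint."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, effective_port(url))


def acs_locations(metadata_xml):
    """All AssertionConsumerService entries as (index, binding, location)."""
    root = ET.fromstring(metadata_xml)
    return [(acs.get("index"), acs.get("Binding"), acs.get("Location"))
            for acs in root.iter(f"{{{MD_NS}}}AssertionConsumerService")]


def check_acs(metadata_xml, expected_base):
    """Return (index, location, reason) for every ACS whose origin differs
    from expected_base; an empty list means the metadata is consistent."""
    exp = url_origin(expected_base)
    problems = []
    for index, _binding, loc in acs_locations(metadata_xml):
        got = url_origin(loc)
        if got != exp:
            reason = (f"expected {exp[0]}://{exp[1]}:{exp[2]}, "
                      f"got {got[0]}://{got[1]}:{got[2]}")
            problems.append((index, loc, reason))
    return problems


def rewrite_acs_locations(metadata_xml, expected_base):
    """Return metadata with every ACS Location moved onto expected_base's
    scheme and netloc (path/query kept), for comparison or re-publication."""
    ET.register_namespace("md", MD_NS)
    base = urlsplit(expected_base)
    root = ET.fromstring(metadata_xml)
    for acs in root.iter(f"{{{MD_NS}}}AssertionConsumerService"):
        p = urlsplit(acs.get("Location"))
        acs.set("Location", urlunsplit((base.scheme, base.netloc, p.path, p.query, p.fragment)))
    return ET.tostring(root, encoding="unicode")


def authn_request_acs_url(authn_request_xml):
    """AssertionConsumerServiceURL the SP asks the IdP to respond to."""
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    return root.get("AssertionConsumerServiceURL")


if __name__ == "__main__":
    for index, loc, reason in check_acs(SP_METADATA, EXPECTED_BASE):
        print(f"ACS index {index}: {loc} -> {reason}")
    print("AuthnRequest ACS URL:", authn_request_acs_url(AUTHN_REQUEST))
    print(rewrite_acs_locations(SP_METADATA, EXPECTED_BASE))
```

Run against the post's metadata with the port-2443 base URL, both ACS entries are reported because their effective port is 443, which matches the timeout the poster saw; the same check passes once the Locations carry the right port, and it also passes as-is if the SP is fronted on 443, which is the other way to resolve the mismatch.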