On Sat, Dec 13, 2014 at 9:42 AM, Dinusha Senanayaka <[email protected]> wrote: > > > > On Sat, Dec 13, 2014 at 9:29 AM, Dulanja Liyanage <[email protected]> > wrote: >> >> BTW Dinusha, why do you want to send a SAML Response through an unsecured >> channel? If you must do it, then the Response must be encrypted. >> > Oh, you mean the response. This is because, if the web app is published with http transports. This is a user option to publish it with http or https or both.
> Yeah Dulanja. This anyway we have to fix. > >> >> On Sat, Dec 13, 2014 at 9:23 AM, Dulanja Liyanage <[email protected]> >> wrote: >>> >>> Darshana, I also thought it'd work. But a quick test revealed it >>> doesn't. >>> >>> @Dinusha, according to SAML Specs we *should* allow to add multiple ACS >>> URLs. But, it's a new feature. >>> >>> On Sat, Dec 13, 2014 at 9:11 AM, Dinusha Senanayaka <[email protected]> >>> wrote: >>>> >>>> Thanks Darshana. Currently we don't sign the request which is generated >>>> from the gateway. We could improve it configurable and give user option to >>>> sign or not. But I'm not sure whether we can use this as a permanent >>>> solution because, then user is always restricted to sign the request if he >>>> want to expose both http/https gateway urls. Will this be a hard >>>> improvement if we doing it from identity side ? What we need is capability >>>> to configure multiple ACS urls in the SP. When the request comes, validate >>>> ACS in the request is a one defined in SP, if so send saml response to the >>>> matching ACS. >>>> >>>> Regards, >>>> Dinusha. >>>> >>>> On Thu, Dec 11, 2014 at 4:32 PM, Darshana Gunawardana < >>>> [email protected]> wrote: >>>>> >>>>> AFAIK, we don't support registering multiple ACS urls.. But IdP honour >>>>> to the ACS in the authentication request, if the request is signed. >>>>> >>>>> On Thu, Dec 11, 2014 at 12:51 PM, Dinusha Senanayaka <[email protected] >>>>> > wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> Requirement is, in App Manager, synapse gateway act as the assertion >>>>>> consumer URL. It's possible to expose gateway url from http and https at >>>>>> the same time which will give two access urls. So when we registering SP >>>>>> for this app, we need to associate both http and https urls as assertion >>>>>> consumer urls. >>>>>> >>>>>> Regards, >>>>>> Dinusha. >>>>>> >>>>>> -- >>>>>> Dinusha Dilrukshi >>>>>> Senior Software Engineer >>>>>> WSO2 Inc.: http://wso2.com/ >>>>>> Mobile: +94725255071 >>>>>> Blog: http://dinushasblog.blogspot.com/ >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Regards, >>>>> >>>>> >>>>> *Darshana Gunawardana*Software Engineer >>>>> WSO2 Inc.; http://wso2.com >>>>> >>>>> *E-mail: [email protected] <[email protected]>* >>>>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware >>>>> >>>> >>>> >>>> -- >>>> Dinusha Dilrukshi >>>> Senior Software Engineer >>>> WSO2 Inc.: http://wso2.com/ >>>> Mobile: +94725255071 >>>> Blog: http://dinushasblog.blogspot.com/ >>>> >>> >>> >>> -- >>> Dulanja Liyanage >>> WSO2 Inc. >>> M: +94776764717 >>> >> >> >> -- >> Dulanja Liyanage >> WSO2 Inc. >> M: +94776764717 >> > > > -- > Dinusha Dilrukshi > Senior Software Engineer > WSO2 Inc.: http://wso2.com/ > Mobile: +94725255071 > Blog: http://dinushasblog.blogspot.com/ > -- Dinusha Dilrukshi Senior Software Engineer WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
