IdP honoring the ACS in the authentication request (if signed) actually works. I have missed a configuration when testing. Sorry about that.
On Sat, Dec 13, 2014 at 9:23 AM, Dulanja Liyanage <[email protected]> wrote: > Darshana, I also thought it'd work. But a quick test revealed it doesn't. > > @Dinusha, according to SAML Specs we *should* allow to add multiple ACS > URLs. But, it's a new feature. > > On Sat, Dec 13, 2014 at 9:11 AM, Dinusha Senanayaka <[email protected]> > wrote: >> >> Thanks Darshana. Currently we don't sign the request which is generated >> from the gateway. We could improve it configurable and give user option to >> sign or not. But I'm not sure whether we can use this as a permanent >> solution because, then user is always restricted to sign the request if he >> want to expose both http/https gateway urls. Will this be a hard >> improvement if we doing it from identity side ? What we need is capability >> to configure multiple ACS urls in the SP. When the request comes, validate >> ACS in the request is a one defined in SP, if so send saml response to the >> matching ACS. >> >> Regards, >> Dinusha. >> >> On Thu, Dec 11, 2014 at 4:32 PM, Darshana Gunawardana <[email protected]> >> wrote: >>> >>> AFAIK, we don't support registering multiple ACS urls.. But IdP honour >>> to the ACS in the authentication request, if the request is signed. >>> >>> On Thu, Dec 11, 2014 at 12:51 PM, Dinusha Senanayaka <[email protected]> >>> wrote: >>> >>>> Hi, >>>> >>>> Requirement is, in App Manager, synapse gateway act as the assertion >>>> consumer URL. It's possible to expose gateway url from http and https at >>>> the same time which will give two access urls. So when we registering SP >>>> for this app, we need to associate both http and https urls as assertion >>>> consumer urls. >>>> >>>> Regards, >>>> Dinusha. >>>> >>>> -- >>>> Dinusha Dilrukshi >>>> Senior Software Engineer >>>> WSO2 Inc.: http://wso2.com/ >>>> Mobile: +94725255071 >>>> Blog: http://dinushasblog.blogspot.com/ >>>> >>> >>> >>> >>> -- >>> Regards, >>> >>> >>> *Darshana Gunawardana*Software Engineer >>> WSO2 Inc.; http://wso2.com >>> >>> *E-mail: [email protected] <[email protected]>* >>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware >>> >> >> >> -- >> Dinusha Dilrukshi >> Senior Software Engineer >> WSO2 Inc.: http://wso2.com/ >> Mobile: +94725255071 >> Blog: http://dinushasblog.blogspot.com/ >> > > > -- > Dulanja Liyanage > WSO2 Inc. > M: +94776764717 > -- Dulanja Liyanage WSO2 Inc. M: +94776764717
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
