0 Replies Latest reply on Oct 20, 2013 5:57 AM by rhuiser

    AssertionConsumerService and AttributeConsumingService not part of AuthnRequest

    rhuiser
    rhuiser Oct 20, 2013 5:57 AM

      Hi all,

       

      We are using JBoss 5.1.2 EAP and PicketLink 2.1.8 for our SP applications.

      PicketLink is configured to use signed HTTP-POST for AuthnRequest. This all works fine.

       

      In the metadata I've configured the following for the SP:

       

      <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">

           <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

           <AssertionConsumerService Location="http://host:8180/myapp/" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>

           <AttributeConsumingService index="1">

             <ServiceName xml:lang="en">My Test App</ServiceName>

             <ServiceDescription xml:lang="en">A description.</ServiceDescription>

           </AttributeConsumingService>

      </SPSSODescriptor>

       

      I would expect to have the AssertionConsumerServiceIndex and AttributeConsumingServiceIndex as part of the AuthnRequest, but it isn't.

       

      What am I doing wrong here?

       

      Thanks in advance,

      Robin Huiser