3 Replies Latest reply on Feb 28, 2011 12:03 PM by anil.saldhana

Why is AssertionConsumerServiceURL always set to issuer in SAML2AuthenticationHandler?

kroessi Feb 10, 2011 5:42 AM

Hi,

I use the SAML2AuthenticationHandler in my ServiceProvider.

I figured out that AssertionConsumerServiceURL is always set to issuer in SAML2AuthenticationHandler.

The issuer comes from <ServiceURL> in config file picketlink-idfed.xml.

Here the code from SAML2AuthenticationHandler.SPAuthenticationHandler.generateSAMLRequest

{code}

AuthnRequestType authn = samlRequest.createAuthnRequestType(id,

issuerValue, response.getDestination(), issuerValue);

{code}

Is there a special reason why this is implemented this way? I would be very happy if there was a way to set the two paramters separately?

Can somebody help me to accomplish this?

Thanks and best regards,

Katja

1. Why is AssertionConsumerServiceURL always set to issuer in SAML2AuthenticationHandler?

anil.saldhana Feb 12, 2011 7:25 PM (in response to kroessi)

Are you sure we are doing that? I need to check. I think we just try to set it to the service url at this time.

You can always write your own handlers fyi. But I would doubt you want to do it in this case.
Actions
2. Why is AssertionConsumerServiceURL always set to issuer in SAML2AuthenticationHandler?

kroessi Feb 28, 2011 11:54 AM (in response to anil.saldhana)

Yes, at least in this handler the AssertionConsumerServiceURL is set to the issuer. I am currently trying to set up a scenario with Shibboleth as IdentityProvider and Picketlink as ServiceProvider. In Shibboleth the issuer normally is a fixed URL and the AssertionConsumerServiceURL depends on the use case. So it would be nice for me to be able to set them separately, because then one URL is fixed and the other one depends, e.g. on the environment.
It would be possible to write my own handler, but I see no possibility how to set the second URL without having a custom property file or similar. It would be great if it would be possible to set it via picketlink-idfed.xml.
Actions
3. Why is AssertionConsumerServiceURL always set to issuer in SAML2AuthenticationHandler?

anil.saldhana Feb 28, 2011 12:03 PM (in response to kroessi)

Since each of the handlers can take in options, I think it is possible to introduce the behavior that you request.

Please watch: https://issues.jboss.org/browse/PLFED-149

Thank you so much for performing interop with Shibboleth for us. We appreciate all your questions and feedback.
Actions

Go to original post