Reputation: 307
How to configure Spring SAML to send "assertionConsumerServiceIndex" instead of "assertionConsumerServiceUrl"?
How can I configure Spring SAML to send "assertionConsumerServiceIndex" instead of "assertionConsumerServiceUrl" in the SAML Authentication Requests?
Another question: Where can I report an issue of the Spring security SAML project?
Thanks
Upvotes: 2
Views: 2745
Answers (2)
Reputation: 25
Yes, We need to alter the way buildReturnAddress() behaves in f/w. We can do this simply by extending WebSSOProfileImpl and overriding buildReturnAddress() method in our service provider code.
Upvotes: 1
Reputation: 307
Got it working but not through config file. I found following comment in the Spring SAML source code:
// AssertionConsumerServiceURL + ProtocolBinding is mutually exclusive with AssertionConsumerServiceIndex, we use first one here
I had to modify buildReturnAddress method of WebSSOProfileImpl class as below to insert AssertionConsumerServiceIndex instead of AssertionConsumerServiceURL + ProtocolBinding when creating new AuthNRequest:
if (service != null) {
request.setAssertionConsumerServiceIndex(service.getIndex());
}
Upvotes: 2
Related Questions
- Spring SAML - Handling Assertions
- SAML2 Authentication with authorization based on SAML assertions
- Unable to change default "reply Url" (assertion consumer service Location) in Spring security SAML SSO
- SAML2 - Response doesn't have any valid assertion which would pass subject validation
- SAML 2.0: How to configure Assertion Consumer Service URL
- SAML Configuration
- SAML: How does AssertionConsumerService address get constructed
- Spring SAML - support for customized SAML Assertion
- MetadataGenerator of Spring Security SAML doesn't support redirect binding for Assertion consumer service
- SAML 2.0 - Multiple AssertionConsumerService in SP