Anthony R

Reputation: 17

Change AssertionConsumerServiceURL in AuthnRequest in WSO2 IS

My SAML request from WSO2 to my IdP still contains the port in the AssertionConsumerServiceURL in the AuthnRequest. I am running the system behind a reverse proxy and need to change this URL.

Please help, I cannot find it in any configs. Thank you.

Upvotes: 0

Views: 1724

Answers (2)

Timothy Kanters

Reputation: 316

In repository/conf/identity/application-authentication.xml you can set a property on the SAMLSSOAuthenticator:

<AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
    <Parameter name="SAMLSSOAssertionConsumerUrl">
        https://sso.your-url.com/commonauth
    </Parameter>
    <Parameter name="VerifyAssertionValidityPeriod">true</Parameter>
    <Parameter name="TimestampSkew">300</Parameter>
</AuthenticatorConfig>

This is the relevant code in WSO2-IS that builds an authenticationRequest:

String acsUrl = null;
AuthenticatorConfig authenticatorConfig =
        FileBasedConfigurationBuilder.getInstance().getAuthenticatorConfigMap()
                .get(SSOConstants.AUTHENTICATOR_NAME);
if (authenticatorConfig != null){
    String tmpAcsUrl = authenticatorConfig.getParameterMap().get(SSOConstants.ServerConfig.SAML_SSO_ACS_URL);
    if(StringUtils.isNotBlank(tmpAcsUrl)){
        acsUrl = tmpAcsUrl;
    }
}

if(acsUrl == null) {
    acsUrl = IdentityUtil.getServerURL(FrameworkConstants.COMMONAUTH, true, true);
}

In other words, it checks if this configuration exists; otherwise it will create it based on the hostname and the commonauth endpoint setting.

Upvotes: 1

pulasthi7

Reputation: 901

To change the hostname: set the "MgtHostName" value to your hostname in repository/conf/carbon.xml.

To change the port: add the proxyPort="443" attribute to the HTTPS connector element in repository/conf/tomcat/catalina-server.xml.

Upvotes: 0
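One way to confirm that either change took effect, as an added example (not part of the answers above and not WSO2 code): decode the SAMLRequest parameter of the redirect sent to the IdP and compare AssertionConsumerServiceURL with the URL registered at the IdP. It assumes the HTTP-Redirect binding; the sample request, the idp.example.com address, port 9443 and all function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit, parse_qs

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: an AuthnRequest whose ACS URL still carries a port.
SAMPLE = ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_constructed" '
          'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
          'AssertionConsumerServiceURL='
          '"https://sso.your-url.com:9443/commonauth"/>' % SAMLP_NS)


def build_sample_redirect(xml):
    """Encode XML the way the HTTP-Redirect binding does (constructed URL)."""
    comp = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    data = comp.compress(xml.encode("utf-8")) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(data).decode("ascii")})
    return "https://idp.example.com/sso?" + query


def decode_redirect_request(redirect_url):
    """Return the AuthnRequest XML carried in a redirect URL to the IdP."""
    query = parse_qs(urlsplit(redirect_url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")


def check_acs_url(authn_request_xml, expected_acs_url):
    """Return (acs_url, problems) for a request captured from your own SP."""
    root = ET.fromstring(authn_request_xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    acs = root.get("AssertionConsumerServiceURL") or ""
    problems = []
    if urlsplit(acs).port is not None:
        problems.append("explicit port %d in ACS URL" % urlsplit(acs).port)
    if acs != expected_acs_url:
        problems.append("ACS URL %r differs from %r" % (acs, expected_acs_url))
    return acs, problems


if __name__ == "__main__":
    xml = decode_redirect_request(build_sample_redirect(SAMPLE))
    acs, problems = check_acs_url(xml, "https://sso.your-url.com/commonauth")
    print(acs)
    for p in problems:
        print("PROBLEM:", p)
```

The comparison is an exact string match, so a trailing slash or stray whitespace in the configured value is reported as a mismatch too.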
