Blaster

Reputation: 1

OpenLiberty => Change SAML issuer

Is there a way to change the SAML issuer URI in the OpenLiberty configuration? I cannot find any documentation about it.

The IdP expects svil.environment while I'm sending https://svil.environment/ibm/saml20/defaultSP, so it rejects the SAML assertion.

I'm using the following stuff: OpenLiberty ver. 22.0.0.9

features: appSecurity-2.0, samlWeb-2.0

Upvotes: 0

Views: 45

Answers (1)

Logan Haas

Reputation: 1

I may be misunderstanding the question.

The issuer is sent from the IdP in the SAML assertion (SAMLResponse) to identify the IdP. So, the Open Liberty SP only needs to trust the issuer within the SAML assertion.

For Open Liberty to trust an issuer, we would set 'trustedIssuers':

<samlWebSso20 id="libertysp"
  ... >
  <pkixTrustEngine trustAnchor="serverStore" trustedIssuers="xyz" />
</samlWebSso20>

SAML Web SSO

Helpful SAML Glossary (including issuer definition)

Upvotes: 0
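
Added example, not part of the question or the answer above: a Python sketch that decodes a captured SAMLRequest or SAMLResponse and reports which Issuer each message carries, since an AuthnRequest carries the SP's Issuer while a Response and its Assertion carry the IdP's. The sample messages are constructed, the SP value is the one quoted in the question, and the IdP issuer `https://idp.example/entity` and the helper names are placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # diagnostic use on your own captures

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml(value: str, deflated: bool) -> ET.Element:
    """Decode a SAMLRequest/SAMLResponse parameter (already URL-decoded).
    HTTP-Redirect binding is base64 + raw DEFLATE; HTTP-POST is base64 only."""
    raw = base64.b64decode(value)
    if deflated:
        raw = zlib.decompress(raw, -15)  # -15: raw DEFLATE, no zlib header
    return ET.fromstring(raw)

def issuers(root: ET.Element) -> dict:
    """Report the message type, its own Issuer, and any Assertion Issuers."""
    top = root.find("saml:Issuer", NS)
    return {
        "message": root.tag.split("}")[1],
        "issuer": top.text.strip() if top is not None and top.text else None,
        "assertion_issuers": [e.text.strip() for e in
                              root.findall("saml:Assertion/saml:Issuer", NS)],
    }

# --- constructed sample messages (not captured from a real deployment) ---
SP_ISSUER = "https://svil.environment/ibm/saml20/defaultSP"  # from the question
IDP_ISSUER = "https://idp.example/entity"                    # placeholder
X = 'xmlns:samlp="%s" xmlns:saml="%s"' % (NS["samlp"], NS["saml"])
AUTHN_REQUEST = ('<samlp:AuthnRequest %s ID="_a1" Version="2.0">'
                 '<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>' % (X, SP_ISSUER))
RESPONSE = ('<samlp:Response %s ID="_r1" Version="2.0">'
            '<saml:Issuer>%s</saml:Issuer>'
            '<saml:Assertion ID="_s1" Version="2.0"><saml:Issuer>%s</saml:Issuer>'
            '</saml:Assertion></samlp:Response>' % (X, IDP_ISSUER, IDP_ISSUER))

def redirect_encode(xml: str) -> str:
    """Build a Redirect-binding value from XML (used only for the sample)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def demo() -> tuple:
    req = issuers(decode_saml(redirect_encode(AUTHN_REQUEST), deflated=True))
    resp = issuers(decode_saml(base64.b64encode(RESPONSE.encode()).decode(),
                               deflated=False))
    return req, resp

if __name__ == "__main__":
    for info in demo():
        print(info)
```

Run against a real capture, the `issuer` reported for the AuthnRequest is the value the IdP compares with its registered SP entity ID, and the values reported for the Response are the ones the SP's trust settings apply to.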
