[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] Multiple Assertion Consumer Service URL Support
On Wed, Aug 8, 2018 at 2:04 AM Vipul Mehta <vipulmehta.1989@gmail.com> wrote: > > If we provide SP metadata file with multiple ACS URLs (<md:AssertionConsumerService> along with index) then some IDPs ignore it and pick up only the first one. In my opinion this is against SAML 2.0 specifications and IDP should consider all the ACS URLs. Please confirm. If the SP includes a specific AssertionConsumerServiceURL in the AuthnRequest, the IdP MUST respond to that endpoint (or return an error). OTOH, if the SP includes an AssertionConsumerServiceIndex in the AuthnRequest, the IdP MUST be able to map that index to a specific endpoint but nowhere does it say that the IdP must use metadata for that (or any other) purpose. See section 3.4 of SAML Core for details. Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]