The problem is: it should redirect user to IdP, but IdP should redirect back to the correct caller.
I'm quite sure on metadata.xml are to appear two entries hardcoded to the sitename.
I'm less sure how to modify shibboleth.xml. Actually the matter is if I should add a Application element inside Applications. Please note this Application is nearly empty, as it inherits the Session and CredentialUse elements.
Ok: it turns out that a Application inside Applications is needed in shibboleth.xml:
<application id="my_id" homeurl="http://my_virtual_host.unimore.it"
saml="urn:oasis:names:tc:SAML:1.0:assertion" md="urn:oasis:names:tc:SAML:2.0:metadata">
<errors session="/etc/shibboleth/sessionError.html"
metadata="/etc/shibboleth/metadataError.html" rm="/etc/shibboleth/rmError.html"
access="/etc/shibboleth/accessError.html" ssl="/etc/shibboleth/sslError.html"
supportcontact="my_admin@unimore.it" logolocation="/shibboleth-sp/logo.jpg"
stylesheet="/shibboleth-sp/main.css">
</errors>
</application>
And then a new Host element inside RequestMapper again in shibboleth.xml:
<Host name="my_virtual_host.unimore.it" applicationId="my_id">
<Path name="secure" authType="shibboleth" requireSession="true"/>
But, surprise surprise, on the metadata.xml it is enought to add two more bindings to <AssertionConsumerService>:
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
Location="http://my_first_virtual_host.unimore.it/Shibboleth.sso/SAML/POST"
index="1"></AssertionConsumerService> <AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
Location="http://my_first_virtual_host.unimore.it/Shibboleth.sso/SAML/Artifact"
index="2"></AssertionConsumerService><AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
Location="http://my_second_virtual_host.unimore.it/Shibboleth.sso/SAML/POST"
index="3"></AssertionConsumerService>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
Location="http://my_second_virtual_host.unimore.it/Shibboleth.sso/SAML/Artifact"
index="4"></AssertionConsumerService>
No comments:
Post a Comment