
Specify multiple ACS and SLS endpoints #221

Open
spaceone opened this issue Nov 4, 2020 · 2 comments

Comments

@spaceone
Contributor

spaceone commented Nov 4, 2020

The current configuration only allows specifying one endpoint and binding for an ACS or SLS:

"sp": {
        "assertionConsumerService": {
            "url": "https://<sp_domain>/?acs",
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        },
        "singleLogoutService": {
            "url": "https://<sp_domain>/?sls",
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        },
}

Please include support for adding lists of dicts to this.
The generated metadata.xml should include them all:

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" entityID="https://master80.school.dev/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://master80.school.dev/saml/" index="1"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://master80.school.dev/saml/" index="2"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://10.200.27.80/saml/" index="3"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://10.200.27.80/saml/" index="4"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://master80.school.dev/saml/sls/"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://master80.school.dev/saml/sls/"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://master80.school.dev/saml/sls/"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://master80.school.dev/saml/sls/"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://10.200.27.80/saml/sls/"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://10.200.27.80/saml/sls/"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://10.200.27.80/saml/sls/"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://10.200.27.80/saml/sls/"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
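As an added illustration (not code from this issue or from the project itself), here is how a settings loader could accept both the current single-dict form and the requested list-of-dicts form and emit one `AssertionConsumerService` element per entry with a 1-based `index`, while rejecting duplicate ACS endpoints and plaintext ACS locations. The `sp.example.test` hostnames, the `require_https` parameter and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
ET.register_namespace("md", MD)

# Constructed sample of the proposed settings shape: lists of dicts instead of one dict.
SP_SETTINGS = {
    "entityId": "https://sp.example.test/saml/metadata",
    "assertionConsumerService": [
        {"url": "https://sp.example.test/saml/", "binding": POST},
        {"url": "https://sp-alt.example.test/saml/", "binding": POST},
    ],
    "singleLogoutService": [
        {"url": "https://sp.example.test/saml/sls/", "binding": POST},
        {"url": "https://sp.example.test/saml/sls/", "binding": REDIRECT},
    ],
}


def _as_list(value):
    """Accept today's single-dict form as well as the proposed list form."""
    return value if isinstance(value, list) else [value]


def build_sp_metadata(sp, require_https=True):
    """Render SPSSODescriptor metadata; ACS entries get the 1-based index the IdP selects by."""
    root = ET.Element(f"{{{MD}}}EntityDescriptor", entityID=sp["entityId"])
    desc = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor", AuthnRequestsSigned="true",
                         WantAssertionsSigned="true",
                         protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol")
    seen = set()
    for idx, acs in enumerate(_as_list(sp["assertionConsumerService"]), start=1):
        key = (acs["binding"], acs["url"])
        if key in seen:  # the same binding/location twice is a config error, not a feature
            raise ValueError(f"duplicate ACS endpoint: {key}")
        if require_https and not acs["url"].startswith("https://"):
            raise ValueError(f"refusing plaintext ACS location: {acs['url']}")
        seen.add(key)
        ET.SubElement(desc, f"{{{MD}}}AssertionConsumerService", Binding=acs["binding"],
                      Location=acs["url"], index=str(idx))
    for sls in _as_list(sp.get("singleLogoutService", [])):
        if sls["binding"] not in (POST, REDIRECT):
            raise ValueError(f"unsupported SLS binding: {sls['binding']}")
        ET.SubElement(desc, f"{{{MD}}}SingleLogoutService",
                      Binding=sls["binding"], Location=sls["url"])
    return ET.tostring(root, encoding="unicode")
```

Passing `require_https=False` reproduces the mixed http/https listing from the metadata above; the default refuses it so assertions are never posted to an unencrypted endpoint.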
@pitbulk
Contributor

pitbulk commented Jan 9, 2021

Right now only the Redirect binding is supported, except for the ACS SP endpoint, which uses the HTTP-POST binding.
Based on that, there is no need right now to extend the current configuration.

If you plan to support multiple bindings on your Service Provider, I recommend you take a look at:
https://github.com/IdentityPython/pysaml2

@spaceone
Contributor Author

pysaml2 is the product we currently use. I created this issue as an evaluation of whether a migration to this project is possible. This would be a blocking issue.
