[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: zxid saml module

"Refalo, Alan" <Alan.Refalo@xxxxxxxxxx> said:
> Sampo,
>  I'm trying to follow your simple example.  This is the configuration I'm using in my apache config file.
> <Location /protected>
>    Require valid-user
>    AuthType "saml"
>    ZXIDConf "URL=https://vmtest2.adsdesign.analog.com/test/saml";
>    ZXIDConf "DEFAULTQS=http%3A%2F%2Fenterprise-dev.sso.analog.com%2Fintranet%2Fsaml20"
>    ZXIDDebug "0x61"
> </Location>
> It seems that the defaultqs is not working correctly as I get set to the autogenerated IdP selection page.  Any help would be greatly appreciated.

The DEFAULTQS needs to be formatted as if it was submission of the
IdP selection page, i.e. it need to contain a query string with
at least


Where e= specifies the Entity ID of the IdP and i=1 means artifact profile.

See zxid-simple.pd, section "3.2 IdP Selection (Login) Screen"


> I have also included the output from the webserver.
> Thanks
> Alan
> -----Original Message-----
> From: sampo@xxxxxx [mailto:sampo@xxxxxx] 
> Sent: Thursday, September 06, 2012 6:08 PM
> To: Refalo, Alan
> Cc: sampo@xxxxxx; zxid.user@xxxxxxxxxxxxx
> Subject: Re: zxid saml module
> "Refalo, Alan" <Alan.Refalo@xxxxxxxxxx> said:
> > I have been trying to implement your saml module with apache.  So far it is working very well.  I have been able to get it to authenticate against our IdP correctly.  The problem we are having is that we only have one IdP and want it to be selected by default.  I believe this is supposed to work with the DEFAULTQS option, however it is not working.  I believe you made a note of this and are working on it.   Any idea when a fix for this might be released?
> >
> Yes, DEFAULTQS should do the trick. Are you able to catch the specific request with DEFAULTQS that is being made. For me it works, but I have noticed it is quite picky so knowing the exact input would help.
> Cheers,
> --Sampo
> > Thanks so much for developing this it looks like just what we need.
> > Regards,
> > Alan Refalo