
Re: DEFAULTQS configuration help



Karthik Sudarshan <ksudarshan@xxxxxxxxxx> said:
> Hi all,
>     I have downloaded the latest version of zxid (1.16) and compiled

Rest of the list: sorry folks, I did not announce it, but there is a
new release available :-)

There will be another before Christmas.

> against Apache 2.2 on Ubuntu to get the mod_auth_saml.so. I have
> registered an IDP in my COT using the zxcot utility. I can see that in my
> dropdown list on the IDP selection page as well.
> 
> I want to be able to bypass the IDP selection page and directly go to the
> IDP login page. For that I used the DEFAULTQS configuration option and it
> does not seem to work.
> 
> My option in the apache conf file for the <Location> is as below:
> 
> DEFAULTQS=10https://<hostname>/<path>/metadata.xml

The correct syntax is the query string syntax, as if a form
had been submitted. Try the following:

DEFAULTQS=l0https://<host>/<path>/idp.xml=1%26fp=1

Please note:

1. The l0... stuff must end with "=1"

2. If there are any other fields you would like to pass, you need
   to include them in the query string, but you need to URI escape
   characters, such as ampersand ("&") with %26 (percent 26).

3. One other field in particular that you may want to pass is
   fr (aka RelayState), which will control the redirection
   after SSO if you have configured REDIR_TO_CONTENT=1.

Cheers,
--Sampo

> I tried to give this in the zxid.conf file as well, and that didn't work
> either.
> 
> Can someone please suggest how to set this configuration correctly?
> 
> Regards,
> Karthik
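
The three notes in the reply, turned into a small builder and checker for DEFAULTQS lines. This is an added example, not part of the original thread and not zxid code: the function names, the idp.example.com host and the fr value are made up for illustration, and it assumes no field value itself contains an ampersand.

```python
import re

SEP = "%26"  # URI-escaped "&" that separates fields (note 2 in the reply)


def build_defaultqs(idp_entity_id, extra_fields=()):
    """Build a DEFAULTQS line: the l0 field first, then (name, value) pairs."""
    fields = ["l0" + idp_entity_id + "=1"]  # note 1: l0<entity id> ends with "=1"
    for name, value in extra_fields:
        if "&" in name or "&" in value:
            # The reply does not say how to encode "&" inside a value:
            # refuse rather than guess (assumption of this example).
            raise ValueError("ampersand inside field %r is not handled" % name)
        fields.append(name + "=" + value)
    return "DEFAULTQS=" + SEP.join(fields)


def lint_defaultqs(line):
    """Return the problems found in a DEFAULTQS line (empty list: none)."""
    key, eq, value = line.strip().partition("=")
    if key != "DEFAULTQS" or not eq:
        return ["not a DEFAULTQS=... line"]
    problems = []
    if "&" in value:
        problems.append('raw "&" in value: write it as %26')
    first = re.split(r"%26|&", value, maxsplit=1)[0]  # the IdP selection field
    if first.startswith("10"):
        problems.append('starts with digits "10": expected letter "l" + zero')
    elif not first.startswith("l0"):
        problems.append('first field does not start with "l0"')
    if not first.endswith("=1"):
        problems.append('l0 field does not end with "=1"')
    return problems


if __name__ == "__main__":
    # Constructed sample values; idp.example.com is a placeholder host.
    idp = "https://idp.example.com/idp.xml"
    # fr (RelayState) steers the post-SSO redirect when REDIR_TO_CONTENT=1.
    good = build_defaultqs(idp, [("fp", "1"), ("fr", "/protected/app")])
    print(good, lint_defaultqs(good))
    for bad in ("DEFAULTQS=10" + idp, "DEFAULTQS=l0" + idp + "=1&fp=1"):
        print(bad, lint_defaultqs(bad))
```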