
Re: Behavior of BARE_URL_ENTITYID



Karthik Sudarshan <ksudarshan@xxxxxxxxxx> said:
> Hi all,
>     I'm using the latest compiled mod_auth_saml module, and I have set the
> BARE_URL_ENTITYID=1 configuration to ensure just a URI for the entityId
> without the o=B query string. This seems to work fine.
> 
> However, after authentication instead of accessing the resource it just
> displays the SP metadata.

The Well Known Location method of metadata exchange specifies
that the entityID is the URL for fetching the metadata. You
should keep that in mind when choosing the URL you use with
BARE_URL_ENTITYID.

> For instance, http://hostname/protected/saml is the URL (and the entityId)
> and the protected resource is "/", if I access http://hostname/index.html
> I'm properly redirected to the IDP selection page and after the
> authentication on the IDP the url is displayed as
> http://hostname/index.html but the contents that are rendered are for
> the http://hostname/protected/saml.

This is curious. Maybe a bug?

"The url is displayed as" refers to the URL you see in the browser URL bar?

Is REDIR_TO_CONTENT still set to 1?

Cheers,
--Sampo

> If however, I set the BARE_URL_ENTITY_ID=0 and reconfigure the IDP, and
> redo the same test, it goes through and the index.html is displayed
> properly.
> 
> There is no other configuration change on the SP or the IDP side.
> 
> Can someone let me know if I'm missing any other configuration?
> 
> Regards,
> Karthik