IdP-initiated SSO basic question

We are working on an IdP-initiated single sign-on integration. We are the IdP.

The SP party has given us a SSO URL where they expect parameters on the URL. The url looks like this: https://sp-sso-url/login.aspx?param1=x&param2=y

How should we configure the IdP to be able to support this?

Thanks in advance.

Regards,

If the parameters are static, simply include them in your saml.config.
For example:


<PartnerServiceProvider
Name="…"
AssertionConsumerServiceUrl="https://sp-sso-url/login.aspx?param1=x&param2=y"


If the parameters are dynamic, there’s a SAMLIdentityProvider.InitiateSSO overload that includes an assertionConsumerServiceUrl parameter. If specified this overrides the URL in your saml.config.

[quote]
ComponentSpace - 7/1/2019
If the parameters are static, simply include them in your saml.config.
For example:


<PartnerServiceProvider
Name="...."
AssertionConsumerServiceUrl="https://sp-sso-url/login.aspx?param1=x&param2=y"


If the parameters are dynamic, there's a SAMLIdentityProvider.InitiateSSO overload that includes an assertionConsumerServiceUrl parameter. If specified this overrides the URL in your saml.config.
[/quote]

Thanks for the response. The parameters are static and we have configured them in the saml.config file using your instructions. When we try to hit the SP, we get the following error:

Stack Trace:

[XmlException: '=' is an unexpected token. The expected token is ';'. Line 15, position 89.]
System.Xml.XmlTextReaderImpl.Throw(Exception e) +89
System.Xml.XmlTextReaderImpl.HandleEntityReference(Boolean isInAttributeValue, EntityExpandType expandType, Int32& charRefEndPos) +251
System.Xml.XmlTextReaderImpl.ParseAttributeValueSlow(Int32 curPos, Char quoteChar, NodeData attr) +611
System.Xml.XmlTextReaderImpl.ParseAttributes() +1145
System.Xml.XmlTextReaderImpl.ParseElement() +413
System.Xml.XmlTextReaderImpl.ParseElementContent() +128
System.Xml.XmlLoader.LoadNode(Boolean skipOverWhitespace) +92
System.Xml.XmlLoader.LoadDocSequence(XmlDocument parentDoc) +26
System.Xml.Xmldocument.Load(XmlReader reader) +136
ComponentSpace.SAML2.Utility.Xml.LoadDocument(String xmlText) +182
ComponentSpace.SAML2.Configuration.SAMLConfigurationFile.Load(String fileName) +195
ComponentSpace.SAML2.SAMLController.Initialize() +206
ComponentSpace.SAML2.InternalSAMLIdentityProvider..ctor() +14

We initiate the SSO with the following call:

SAMLIdentityProvider.InitiateSSO(Response,userName, attributes,targetUrl,partnerSP);

where partnerSP is "TestSP"

"TestSP" is defined in the saml.config file as follows:

<PartnerServiceProvider Name="TestSP"
Description="TestSP"
WantAuthnRequestSigned="true"
SignSAMLResponse="true"
SignAssertion="false"
EncryptAssertion="false"
AssertionConsumerServiceUrl="http://uat.providersp.com/login.aspx?sso=1&carrierid=test"
/>

Something to note is that position 15,89 on the real saml.conf file corresponds to the second equal sign (=) between carrierid and test. So we are confused as to why it parsed the first param (sso=1) and it fails to parse the second (carrierid=test).

Any idea what could be missing?


You need to specify the entity reference &amp; to include an ampersand as an XML attribute value.
For example:
AssertionConsumerServiceUrl="http://uat.providersp.com/login.aspx?sso=1&amp;carrierid=test"
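
As an added example (not part of the thread and not ComponentSpace's code), this C# console program reproduces the parse error on a constructed one-element fragment and then writes the same attribute through an XML API so the ampersand is escaped. The class name `AcsUrlEscapingDemo` and the trimmed fragment are assumptions; a real saml.config contains more than this element.

```csharp
using System;
using System.Xml;
using System.Xml.Linq;

static class AcsUrlEscapingDemo
{
    // Constructed sample modelled on the TestSP entry quoted in the thread.
    const string AcsUrl = "http://uat.providersp.com/login.aspx?sso=1&carrierid=test";

    // Returns "loaded" when the fragment is well-formed XML, otherwise the
    // parser's own message (which already carries line and position).
    static string TryLoad(string xml)
    {
        try
        {
            new XmlDocument().LoadXml(xml);
            return "loaded";
        }
        catch (XmlException e)
        {
            return e.Message;
        }
    }

    static void Main()
    {
        // Raw '&': the parser treats "&carrierid" as the start of an entity
        // reference and expects ';' next. It finds '=' instead, which is why
        // the reported position is the second '=' and not the first one.
        string raw = "<PartnerServiceProvider Name=\"TestSP\" " +
                     "AssertionConsumerServiceUrl=\"" + AcsUrl + "\" />";
        Console.WriteLine("raw:     " + TryLoad(raw));

        // Building the element with an XML API escapes the value for us,
        // so the serialized attribute contains &amp; instead of a bare '&'.
        var element = new XElement("PartnerServiceProvider",
            new XAttribute("Name", "TestSP"),
            new XAttribute("AssertionConsumerServiceUrl", AcsUrl));
        string escaped = element.ToString();
        Console.WriteLine(escaped);
        Console.WriteLine("escaped: " + TryLoad(escaped));

        // After parsing, the attribute value is the original URL again:
        // the entity reference exists only in the file, not in the value.
        var doc = new XmlDocument();
        doc.LoadXml(escaped);
        string value = doc.DocumentElement.GetAttribute("AssertionConsumerServiceUrl");
        Console.WriteLine("round-trip matches: " + (value == AcsUrl));
    }
}
```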