Multiple Assertion Consumer Service (ACS) config file

lucas · November 29, 2018, 3:29am

Hi,

I’m working with examples from HighLevelAPI and it is working perfectly.
But now, I would like to work with more than one Assertion Consumer Service (ACS).

I checked the documentation and I found this overload:

SAMLServiceProvider.InitiateSSO(response, relayState, null, null, assertionConsumerServiceUrl, null);

I can set the assertionConsumerServiceUrl without a problem.

But I would like to set multiple ACS in the config file and just set the index, something like this:

<SAMLConfiguration
xmlns=“urn:componentspace:SAML:2.0:configuration”>
<ServiceProvider Name=“<a href=“https://localhost.com””>https://localhost.com"
Description=“Service Provider”
LocalCertificateFile=““
LocalCertificatePassword=”****”
/>
<AssertionConsumerService Binding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” Location=“<a href=“https://localhost/Saml2/Acs””>https://localhost/Saml2/Acs" index=“0” isDefault=“true” />
<AssertionConsumerService Binding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” Location=“<a href=“https://localhost/Saml2/Acs2"”>https://localhost/Saml2/Acs2” index=“1” />

<PartnerIdentityProvider Name=“<a href=“https://localhostidp.localhost.io””>https://localhostidp.localhost.io"
Description=“Localhost”
SingleSignOnServiceUrl=“<a href=“https://localhostidp.localhost.io/SAML/SSOService””>https://localhostidp.localhost.io/SAML/SSOService"
PartnerCertificateFile=“Certificates\idp.cer”/>

Can I do it with HighLevel API?

Many thanks

ComponentSpace · November 29, 2018, 5:00pm

Currently we don’t support multiple assertion consumer service URLs in the SAML configuration.
You would need to use the overload you mentioned to specify different URLs.
May I ask why you wish to do this?
Most use cases involve a single URL.
The overload that take a URL was introduced for use cases where the URL was dynamic (eg included a query string value etc).

lucas · November 30, 2018, 12:47am

Hi,

Thanks for the fast reply.

I wish to do this because I need to send my config file with multiple ACS endpoints to my clients.
Each client has a different kind of IDP.

ComponentSpace · November 30, 2018, 1:34am

Your saml.config file should be internal to you. It’s not something you would distribute.
As a service provider, it’s perfectly valid and quite normal to have a single assertion consumer service URL supporting multiple partner identity providers.
You don’t need a separate assertion consumer service for each identity provider.

lucas · December 5, 2018, 1:15am

Thank you very much.

ComponentSpace · December 5, 2018, 2:41am

You’re welcome.