Hello,
I read in a few forums that you provide the overload for SAMLServiceProvider.InitiateSSO(response, relayState, idp.Name, null, “ACS”, null) where people need to use multiple ACSs.
However, I tired this with a few IDPs like ADFS ,okta and keycloak and I run in errors. I have to do something extra in the idp configuration to get it to work.
Is there something i am missing or i can do differently?
Some IdPs check the ACS URL included in the SAML authn request against those listed for the SP at the IdP.
For example, with ADFS ensure the ACS URL is included in the relying party configuration.
Most SSO issues are related to configuration mismatches. If you’re still seeing errors, you’ll need to get the details from the IdP.
[quote][/quote]
Some IdPs check the ACS URL included in the SAML authn request against those listed for the SP at the IdP.
For example, with ADFS ensure the ACS URL is included in the relying party configuration.
Most SSO issues are related to configuration mismatches. If you're still seeing errors, you'll need to get the details from the IdP.
For example, with ADFS ensure the ACS URL is included in the relying party configuration.
Most SSO issues are related to configuration mismatches. If you're still seeing errors, you'll need to get the details from the IdP.
Ya, that the issue, that i have to do extra stuff on the idp to make this overload method work.
Is there a way we can send multiple acs in the sp metadata to the IDP?
Yes, multiple ACS URLs are supported by the SAML specification. We support this through our low-level API but currently it’s not supported through our high-level API for constructing SAML metadata.
If you have SAML metadata already with a single ACS, you can simply edit the XML directly to add more ACS URLs.