When creating the metadata.xml file, the md:AssertionConsumerService tag is added using "http(s)://{domain}/saml/consume" as the contents.
SAML supports multiple AssertionConsumerService tags, so in theory we should be able to generate metadata that contains md:AssertionConsumerService tags for multiple domains. Then, when the SAML authentication request is generated, it would explicitly define which ACS URL to return the user to.

We would need a configuration field to allow multiple domains to be listed, and, if this is used, require the Entity ID to be set: by default it will use "http(s)://{domain}/user" as the Entity ID, and since the metadata could then be requested from multiple domains, we don't want there to be any confusion.
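
The metadata layout proposed above, as an added example (written in Python for illustration; it is not the module's code or the attached patch). It emits one indexed md:AssertionConsumerService per configured domain under a fixed Entity ID and only returns an ACS URL for an authentication request when that URL is already listed in the metadata. The function names, domains and Entity ID are hypothetical, and HTTPS with the HTTP-POST binding is assumed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("md", MD)

def acs_url(domain):
    # ACS path quoted in the issue; HTTPS is assumed for every domain.
    return f"https://{domain}/saml/consume"

def build_sp_metadata(entity_id, domains):
    """Return SP metadata XML with one indexed ACS endpoint per domain."""
    if not entity_id:
        # With several domains there is no single "{domain}/user" default.
        raise ValueError("an explicit Entity ID is required for multiple domains")
    if not domains:
        raise ValueError("at least one domain is required")
    root = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol"})
    for index, domain in enumerate(domains):
        ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", {
            "Binding": POST,
            "Location": acs_url(domain),
            "index": str(index),
            "isDefault": "true" if index == 0 else "false",
        })
    return ET.tostring(root, encoding="unicode")

def acs_for_request(metadata_xml, request_host):
    """Pick the ACS URL to put in an AuthnRequest issued from request_host.

    Only a Location already present in the metadata is returned, so a
    forged Host header cannot introduce an unregistered return URL.
    """
    wanted = acs_url(request_host.lower())
    root = ET.fromstring(metadata_xml)
    for acs in root.iter(f"{{{MD}}}AssertionConsumerService"):
        if acs.get("Location") == wanted:
            return wanted
    raise ValueError(f"{request_host!r} is not a configured SP domain")

# Constructed sample configuration (hypothetical domains and Entity ID).
SAMPLE = build_sp_metadata("https://sp.example.org/saml",
                           ["www.example.org", "intranet.example.org"])
```
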

Comments

jrglasgow created an issue. See original summary.

Status: Active » Needs review
File status: new, size: 26.58 KB

This patch should do the trick.

It adds a text area on the SP config form for entering different URLs for the consumer service. It uses custom settings/metadata classes to generate the metadata using those URLs; if no URLs are entered, the default is used.

  • jrglasgow committed 1661cce on 8.x-3.x
    Issue #3098233 by jrglasgow: support multiple domain names for the same...
Status: Needs review » Fixed

  • jrglasgow committed 4da6584 on 8.x-3.x
    Issue #3098233 by jrglasgow: added files that were missed in a previous...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.