IBM Security Verify

 View Only
Expand all | Collapse all

SAML IDP Initiated - choosing ACS url via query parameter

  • 1.  SAML IDP Initiated - choosing ACS url via query parameter

    Posted Fri November 19, 2021 07:41 AM

    Have one partner with multiple ACS url. Requirement is two have two url that can be published which isam inturn can post to two different ACS endpoints.


    Can we use AssertionConsumerURL query parameter? Or any other suggestions. 



    ------------------------------
    Guruprasad Saralaya
    ------------------------------


  • 2.  RE: SAML IDP Initiated - choosing ACS url via query parameter

    Posted Mon November 22, 2021 10:22 AM
    Hi Guruprasad,

    When you configure multiple ACS endpoints, each one has an index number.
    You can select which ACS to use by using the AssertionConsumerSvcIndex query string parameter in the SSO trigger.

    For example:

    https://www.idp.example.com/isam/sps/ibmci/saml20/logininitial?ResponseBinding=HTTPPost&NameIdFormat=Email&AssertionConsumerSvcIndex=2&PartnerId=https://www.sp.example.com

    I hope this helps.  Hat tip to @Yongming Chen.

    Jon.​

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------