ComponentSpace

Forums



AssertionConsumerServiceUrl https



aliasgarmb
Hello,
I am using ForgeRock AM as the Identity Provider with an ASP.NET Webforms application as the Service Provider. I am doing an SP initiated SSO.
The webform application (SP) and IDP are running on HTTP. I have specified the AssertionConsumerServiceUrl in saml.config as HTTP. However, when initiating the SSO, the SAML request has the AssertionConsumerServiceUrl as HTTPS. Do you know why it is being switched to HTTPS even though the SAML.config has the AssertionConsumerServiceUrl set as HTTP? Please note that it uses HTTP when doing an IDP initiated SSO, which works fine.


<samlp:AuthnRequest ID="_d5b6b743-40fc-42ef-9ba8-1c7219d62356" Version="2.0" IssueInstant="2022-03-01T21:01:40.138Z" Destination="http://openam.example.com:8080/openam/SSORedirect/metaAlias/idp" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://openam.example.com/Niad/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://NiadServiceProviderhttp://NiadServiceProvider</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>, relayState=


See attached SAML Trace.
Attachments
SamlTrace.log (0 views, 7.00 KB)
ComponentSpace
In earlier releases we forced the switch to HTTPS.

HTTPS is required as the SAML_SessionID cookie we use in support of the SAML protocol must be set as Secure and SameSite=None.

HTTP happens to work for IdP-initiated SSO as no previous state information (i.e. the SAML_SessionID cookie) is required.

It's strongly recommended you use HTTPS in all environments including production, test and development.



Regards
ComponentSpace Development
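
The cookie reasoning in the reply above, as an added example that is not part of the original thread and is not ComponentSpace code: a simplified model of current browser cookie rules showing why SP-initiated SSO loses its state over HTTP while IdP-initiated SSO does not. The host `sp.example`, the `/login` path and the assumption that the IdP sits on a different site are constructed for illustration, and localhost exceptions are ignored.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    secure: bool
    same_site: str  # "None", "Lax" or "Strict"


def is_https(url: str) -> bool:
    return urlsplit(url).scheme == "https"


def browser_stores(cookie: Cookie, response_url: str) -> bool:
    """Would the browser accept this cookie from a response at response_url?"""
    if cookie.secure and not is_https(response_url):
        return False  # a Secure cookie cannot be set by an http:// response
    if cookie.same_site == "None" and not cookie.secure:
        return False  # SameSite=None is rejected unless Secure is also set
    return True


def sent_on_cross_site_post(cookie: Cookie, target_url: str) -> bool:
    """Would the cookie accompany the IdP's cross-site POST to target_url?"""
    if cookie.secure and not is_https(target_url):
        return False  # Secure cookies are never sent over http://
    return cookie.same_site == "None"  # Lax and Strict are withheld here


def sso_keeps_state(flow: str, cookie: Cookie, sp_base_url: str) -> bool:
    """flow is "sp" (SP-initiated) or "idp" (IdP-initiated)."""
    if flow == "idp":
        return True  # per the reply above: no previous state is required
    start = sp_base_url + "/login"  # hypothetical path that sets the cookie
    acs = sp_base_url + "/AssertionConsumerService.aspx"
    return browser_stores(cookie, start) and sent_on_cross_site_post(cookie, acs)


# Constructed samples: the cookie as described in the reply, and a weaker variant.
SESSION = Cookie("SAML_SessionID", secure=True, same_site="None")
LAX_PLAIN = Cookie("SAML_SessionID", secure=False, same_site="Lax")

if __name__ == "__main__":
    for base in ("https://sp.example", "http://sp.example"):
        for flow in ("sp", "idp"):
            print(base, flow, sso_keeps_state(flow, SESSION, base))
```

Dropping `Secure` does not rescue the HTTP case: the `LAX_PLAIN` cookie is stored over HTTP but is withheld from the cross-site POST that carries the SAML response.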