opensso / OPENSSO-3319

SAE not picking entityID from application via url

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Blocker
    • Resolution: Unresolved
    • Affects Version/s: current
    • Fix Version/s: OpenSSO-8.1
    • Component/s: fam
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      3,319

      Description

      The current SA_IDP.jsp does not use the entityID when the application provides
      it as a URL parameter; in a multi-entity provider environment, it always picks
      up the first entity, which is not correct. So our SA_IDP.jsp needs to be modified
      to check the URL parameters to see if an idp is provided by the application, and
      should use that entity provider instead of picking the first one in the list.

        Activity

        veiming added a comment -

        reassign to qingwen.

        qcheng added a comment -

        re-assign

        rajeevangal added a comment -

        Findings so far:

        The issue is that when there are multiple SPs configured for the same host URL,
        the default implementation of SA_IDP.jsp:getTrustedSP() has no choice but to
        pick the first URL match with the entity ID.
        While plausible, it is not very likely that practical deployments will have
        multiple SP metadata registered with the same IDP.

        So for the specific POC, it is recommended that a single per-SP metadata be set
        up on the IDP.

        In general, the default implementation in SA_IDP.jsp to pick the
        first matching SP is perfectly okay since there is no way to write a generic
        routine that can take care of all cases.

        One possible enhancement is to allow the IDP-APP to specify the SP entity ID to
        be used as part of the SAE blob, e.g. a parameter called "spentityid". This
        param can be used by SA_IDP.jsp to identify the SP entity ID and to fall through
        to calling getTrustedSP() if one is not specified. In general, this option
        should be used in advanced use cases only.
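
The lookup order proposed in the comment above, as an added Java sketch that is not OpenSSO code and not part of the original comment. The class, its methods and the sample entity IDs and URLs are hypothetical, and rejecting a supplied but unregistered "spentityid" instead of falling back is an assumption.

```java
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

// Hypothetical sketch, not OpenSSO code: models the SP lookup discussed above.
public class SpEntityResolver {
    // entityID -> SP application URL, in registration order (constructed data).
    private final Map<String, String> trustedSps = new LinkedHashMap<>();

    public void register(String entityId, String spUrl) {
        trustedSps.put(entityId, spUrl);
    }

    // Default behaviour: the first registered SP whose host matches the app URL.
    Optional<String> firstUrlMatch(String appUrl) {
        String host = URI.create(appUrl).getHost();
        if (host == null) {
            return Optional.empty();
        }
        return trustedSps.entrySet().stream()
                .filter(e -> host.equalsIgnoreCase(URI.create(e.getValue()).getHost()))
                .map(Map.Entry::getKey)
                .findFirst();
    }

    // Proposed behaviour: use "spentityid" when supplied, else fall through.
    public Optional<String> resolve(String appUrl, String spEntityId) {
        if (spEntityId == null || spEntityId.isEmpty()) {
            return firstUrlMatch(appUrl);
        }
        // Assumption: an explicit ID must already be registered as trusted;
        // an unknown value is rejected instead of silently falling back.
        return trustedSps.containsKey(spEntityId)
                ? Optional.of(spEntityId) : Optional.empty();
    }

    public static void main(String[] args) {
        SpEntityResolver r = new SpEntityResolver();
        // Constructed sample: two SP entities hosted under the same host URL.
        r.register("sp-hr", "https://apps.example.com/hr/saeapp");
        r.register("sp-payroll", "https://apps.example.com/payroll/saeapp");
        String app = "https://apps.example.com/payroll/saeapp";
        System.out.println(r.resolve(app, null));          // first URL match
        System.out.println(r.resolve(app, "sp-payroll"));  // explicit entity
        System.out.println(r.resolve(app, "sp-unknown"));  // not registered
    }
}
```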

        exu added a comment -

        A nice-to-have RFE. Not many deployments would use this use case. Postpone it to
        8.1. It may be pulled in earlier if there are other big changes needed in SAE.

        veiming added a comment -

        update target

        veiming added a comment -

        update target


          People

          • Assignee:
            exu
            Reporter:
            ashokanumandla