
I have a system with two load balancers exposing the application to separate networks.

In the application the spring-saml extension is used for authentication with the IdP (one visible from both networks). For the first location everything works as expected - default SP with entityId=exampleSP1.

When I configure a second SP metadata (local, with a different entityId=exampleSP2) and call it using /saml/login/alias/exampleSP2, the application receives a successful response from the IdP, but during SAMLCredential validation an exception is thrown: "SAML message intended destination endpoint did not match recipient endpoint"

When using the second SP, the destination endpoint is different from the one configured in contextProviderLB and the exception occurs.

Is there a way to define a separate contextProviderLB depending on which SP is used (or on the initial URL)?

Dariusz Skrudlik

1 Answer


You're hitting an issue in https://jira.spring.io/browse/SES-150 which is now fixed in trunk. Please update your Spring SAML. And thank you for leaving your comment in Jira.

Vladimír Schäfer
  • Yes, you are partially right (there is my comment on that issue). But this doesn't resolve my problem. I resolved it by configuring a separate set of all SAML beans - with different metadata and loadBalancerContext. Moreover, I had to define my own authentication provider which switches between the two defined ones by the appropriate entityId. – Dariusz Skrudlik Oct 09 '14 at 09:21
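The switching authentication provider the comment above describes, written here as an added illustration and not as code from the thread or from Spring SAML. It assumes two SAMLAuthenticationProvider beans already exist, each wired to its own SP metadata and its own SAMLContextProviderLB (so the destination check runs against the right load-balancer URL), and routes an incoming SAMLAuthenticationToken to one of them by the local SP entityId; the class and map names are hypothetical.

```java
import java.util.Map;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLAuthenticationToken;
import org.springframework.security.saml.context.SAMLMessageContext;

/**
 * Hypothetical AuthenticationProvider that delegates to one of several
 * SAMLAuthenticationProvider instances, chosen by the local SP entityId
 * (e.g. "exampleSP1" or "exampleSP2") that the SAML response was received for.
 * Each delegate is assumed to be configured with its own metadata and its own
 * SAMLContextProviderLB, so endpoint validation uses the correct LB address.
 */
public class EntityIdRoutingAuthenticationProvider implements AuthenticationProvider {

    // Constructed mapping: local SP entityId -> provider wired for that SP
    private final Map<String, SAMLAuthenticationProvider> providersByEntityId;

    public EntityIdRoutingAuthenticationProvider(Map<String, SAMLAuthenticationProvider> providersByEntityId) {
        this.providersByEntityId = providersByEntityId;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // SAMLProcessingFilter stores the SAMLMessageContext as the token's credentials
        SAMLMessageContext context = (SAMLMessageContext) authentication.getCredentials();
        String localEntityId = context.getLocalEntityId();

        SAMLAuthenticationProvider delegate = providersByEntityId.get(localEntityId);
        if (delegate == null) {
            // Fail closed: an SP we did not explicitly configure must not be authenticated
            throw new ProviderNotFoundException("No SAML provider configured for SP " + localEntityId);
        }
        // The delegate performs the usual response validation, including the
        // destination/recipient endpoint check, against its own context provider
        return delegate.authenticate(authentication);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return SAMLAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

Register this class as the authentication provider in place of the single SAMLAuthenticationProvider, with one map entry per configured SP entityId.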