SAML-Toolkits / php-saml

Simple SAML toolkit for PHP
MIT License

sp acs url empty #554

Closed kboumedal closed 11 months ago

kboumedal commented 1 year ago

Would it be possible to leave the sp acs url empty, in order to let the idp define the redirect url?

My case is that I want my sp to automatically redirect users to login.microsoftonline.com, where they can connect with their e-mail address, then Microsoft redirects them to their specific tenant according to the e-mail (there are multiple).

Once they are logged in, the idp knows where to redirect them (https://my-idp.com/acs?idp=correct-idp).

Thanks in advance!

pitbulk commented 1 year ago

No, the ACS URL needs to be defined at the Service Provider and then registered at the IdP.

SP validates that the generated SAMLResponse from the IdP matches the ACS URL defined at the SP, so this value needs to be defined by the toolkit.

You can make the ACS endpoint dynamic, and based on the parameter provided, read a specific SAML Settings related to an SP defined, and a specific IdP.

kboumedal commented 11 months ago

I'm not sure I understand your reply.

How can I make the ACS endpoint dynamic?

pitbulk commented 11 months ago

As simple as accepting an extra parameter on such endpoint, and based on such extra parameter load 1 SAML settings array.
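A sketch of the dynamic ACS endpoint described in the replies above, added here as an example and not taken from the thread or from the toolkit's own code. The file name `acs.php`, the `idp` parameter, the tenant keys, hostnames, certificate placeholders and the `AuthNRequestID` session key are assumptions.

```php
<?php
// Added example: ACS endpoint reached as https://sp.example.com/acs.php?idp=<key>.
// Hostnames, tenant keys, certificate values and the session key are assumptions.
require_once __DIR__ . '/vendor/autoload.php';
use OneLogin\Saml2\Auth;

const SP_BASE = 'https://sp.example.com';

// The request parameter only selects an entry from this fixed allowlist; it is
// never used to build an IdP URL, entity ID or certificate.
function settingsFor(string $key): ?array {
    $idps = [
        'tenant-a' => [
            'entityId' => 'https://idp-a.example.com/metadata',
            'singleSignOnService' => ['url' => 'https://idp-a.example.com/sso'],
            'x509cert' => 'PLACEHOLDER_CERT_TENANT_A',
        ],
        'tenant-b' => [
            'entityId' => 'https://idp-b.example.com/metadata',
            'singleSignOnService' => ['url' => 'https://idp-b.example.com/sso'],
            'x509cert' => 'PLACEHOLDER_CERT_TENANT_B',
        ],
    ];
    if (!array_key_exists($key, $idps)) {
        return null;
    }
    $acs = SP_BASE . '/acs.php?idp=' . rawurlencode($key);
    return [
        'strict' => true, // keep the toolkit's response validation on
        'sp' => ['entityId' => SP_BASE . '/metadata', 'assertionConsumerService' => ['url' => $acs]],
        'idp' => $idps[$key],
    ];
}

session_start();
$key = $_GET['idp'] ?? '';
$settings = is_string($key) ? settingsFor($key) : null;
if ($settings === null) {
    http_response_code(400);
    exit('Unknown IdP');
}
$auth = new Auth($settings);
$auth->processResponse($_SESSION['AuthNRequestID'] ?? null); // ID saved at login time
if (!empty($auth->getErrors()) || !$auth->isAuthenticated()) {
    http_response_code(403);
    exit('SAML response rejected');
}
$_SESSION['samlNameId'] = $auth->getNameId();
$_SESSION['samlIdp'] = $key; // remember which IdP asserted this identity
```

Each tenant's full ACS URL, including its `idp` value, is what gets registered at the corresponding IdP, and the placeholder certificates must be replaced with each IdP's real signing certificate.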

kboumedal commented 11 months ago

Ok thanks, I think the problem comes from another bundle which uses yours, I will open an issue in this one!