Setting AuthnRequest (SP)

hrncir
Hello,

I'm new to Shibboleth and I would like to configure my SP side with it. After the basic setup, the actual situation is:

I send a request to the IdP like this:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://xxxx.xxx/Shibboleth.sso/SAML2/POST" Destination="https://x/fed/idp/samlv20" ID="_68388e83c4a6060d3c08e8bb7c59806c" IssueInstant="2016-01-12T16:11:56Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
                <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">402E4F76-DFA5-4654-8A25-75603E0CA0CC</saml:Issuer>
                <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

But my IdP is forcing me to send the request exactly like this (+signed):
<samlp:AuthnRequest ID="_24d39e98f5f96c23b6b3198690cb78cb" Version="2.0" IssueInstant="2015-12-22T08:43:52Z" Destination="https://xxx.xxx.sk/fed/idp/samlv20" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">402E4F76-DFA5-4654-8A25-75603E0CA0CC</saml:Issuer>
                <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true"/>
</samlp:AuthnRequest>

So the question is: is there any way to edit my request the way the IdP wants?
- not to send AssertionConsumerServiceURL="https://xxxx.xxx/Shibboleth.sso/SAML2/POST"
- not to send ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
- to add Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" to NameIDPolicy
- to add Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"

Thank you for your help, community!