Jump to content

Enable Support for using AssertionConsumerServiceURL based on the url of the user accessing Passwordstate in SAML Requests to allow for multiple app URLs to be used on one instance.


Recommended Posts

We are looking to present Passwordstate via a differrent URLs to our internal & external users External users proxied via a browser based VPN), while still using SAML protocol to authenticate users and the same IDP configuraiton. 

When decoding a SAML auth request from Passwordstate, the optional AssertionConsumerServiceURL value is not included. Since this value is not specified, the IDP will always redirect users to the default AssertionConsumerServiceURL configured in the IDP, despite other AssertionConsumerServiceURLs being present in the IDP configuration - whihc means that regardless of the URL used to access passwordstate, the user will always be directed to the default IDP replyURL. 


If this field was built from the users current URL/domain and supplied in the request, then as long as the URL used is configured in the IDP, the IDP will redirect the user to their original URL on successful auth. This would enable 1 IDP configuration to be used for multiple app urls/domains. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...