Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-19329

Capability to configure the Alfresco Share "prefix" for all SAML calls with property settings


    • Bug Priority:
      Category 2
    • ACT Numbers:

      00956196 Partner



      Capability to configure the Alfresco Share "prefix" for all SAML calls with property settings

      Customer Explanation:

      Currently, the SAML utility attempts to set the Share sso/slo URLs as appended to the base share url (see here: https://docs.alfresco.com/saml/tasks/saml-config-props.html (see properties saml.share.spSloRequestURLSuffix, saml.share.spSloResponseURLSuffix, and saml.share.spSsoURLSuffix)).

      We need to be able to set that whole URL, not just the suffix. We're in a clustered environment behind a proxy, and each of the servers are expecting the host of the server they're on rather than the host of the proxy. Changing the host of the server to the same as the proxy is not an adequate solution, as we need it to be the same for other portions of the application.

      We need, for example, to be able to set the "prefix" of the calls in a ways like this:

      Then, the SP metadata would then have these attributes:
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.exampledomain.com/share/page/saml-logoutrequest" ResponseLocation="https://www.exampledomain.com/share/page/saml-logoutresponse"/>
      <md:AssertionConsumerService isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.exampledomain.com/share/page/saml-authnresponse" index="0"/>

      Rather than:
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="${share.protocol}://${share.host}:${share.port}/share/page/saml-logoutrequest" ResponseLocation="${share.protocol}://${share.host}:${share.port}/share/page/saml-logoutresponse"/>
      <md:AssertionConsumerService isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="${share.protocol}://${share.host}:${share.port}/share/page/saml-authnresponse" index="0"/>




            • Assignee:
              alee Alex Lee
              rpierce Ron Pierce
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: