Question
My SAML request from WSO2 to my IdP contains the port still in the AssertionConsumerServiceURL in the AuthnRequest. I am running the system behind a reverse proxy and need to change this URL.
Please help, I cannot find it in any configs. Thank you.
Answer 1:
To change the hostname: Set the "MgtHostName" value to your hostname at repository/conf/carbon.xml
To change the port: Add proxyPort="443" attribute to the HTTPS connector element at the repository/conf/tomcat/catalina-server.xml
Answer 2:
In repository/conf/identity/application-authentication.xml you can set a property on the SAMLSSOAuthenticator:

    <AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
        <Parameter name="SAMLSSOAssertionConsumerUrl">
            https://sso.your-url.com/commonauth
        </Parameter>
        <Parameter name="VerifyAssertionValidityPeriod">true</Parameter>
        <Parameter name="TimestampSkew">300</Parameter>
    </AuthenticatorConfig>

This is the relevant code in WSO2-IS that builds an authenticationRequest:

    String acsUrl = null;
    AuthenticatorConfig authenticatorConfig =
            FileBasedConfigurationBuilder.getInstance().getAuthenticatorConfigMap()
                    .get(SSOConstants.AUTHENTICATOR_NAME);
    if (authenticatorConfig != null) {
        String tmpAcsUrl = authenticatorConfig.getParameterMap().get(SSOConstants.ServerConfig.SAML_SSO_ACS_URL);
        if (StringUtils.isNotBlank(tmpAcsUrl)) {
            acsUrl = tmpAcsUrl;
        }
    }
    if (acsUrl == null) {
        acsUrl = IdentityUtil.getServerURL(FrameworkConstants.COMMONAUTH, true, true);
    }

In other words, it checks if this configuration exists; otherwise it will create it based on the hostname & the commonauth endpoint setting.
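
A way to confirm the result of either change, as an added example that is not part of the answers above or of WSO2's code: it decodes a captured SAMLRequest value (HTTP-Redirect or HTTP-POST binding) and reports whether AssertionConsumerServiceURL still carries a port or differs from the proxy URL. The function names, the 9443 port and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

def decode_saml_request(value):
    """Decode a SAMLRequest parameter (already URL-decoded) into XML text."""
    raw = base64.b64decode(value)
    if raw.lstrip().startswith(b"<"):       # HTTP-POST binding: base64 only
        return raw.decode("utf-8")
    return zlib.decompress(raw, -15).decode("utf-8")  # HTTP-Redirect: raw DEFLATE

def check_acs_url(xml_text, expected_url):
    """Return a list of problems with AssertionConsumerServiceURL ([] means OK)."""
    if "<!DOCTYPE" in xml_text:             # refuse DTDs before parsing
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a samlp:AuthnRequest")
    acs = root.get("AssertionConsumerServiceURL")
    if acs is None:
        return ["AssertionConsumerServiceURL attribute is absent"]
    problems = []
    if acs != acs.strip():                  # whitespace carried over from config
        problems.append("value has surrounding whitespace")
    acs = acs.strip()
    parts = urlsplit(acs)
    if parts.scheme != "https":
        problems.append("scheme is %r, expected https" % parts.scheme)
    if parts.port is not None:
        problems.append("explicit port %d still present" % parts.port)
    if acs != expected_url:
        problems.append("value %r differs from expected %r" % (acs, expected_url))
    return problems

def sample_request(acs_url):
    """Constructed sample: minimal AuthnRequest encoded as for HTTP-Redirect."""
    xml_text = ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_constructed1" '
                'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
                'AssertionConsumerServiceURL="%s"/>' % (SAMLP_NS, acs_url))
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(deflated).decode("ascii")

if __name__ == "__main__":
    expected = "https://sso.your-url.com/commonauth"  # value from the config above
    for url in ("https://sso.your-url.com:9443/commonauth", expected):  # constructed
        result = check_acs_url(decode_saml_request(sample_request(url)), expected)
        print(url, "->", result or "OK")
```
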
Source: https://stackoverflow.com/questions/39156036/change-assertionconsumerserviceurl-in-authnrequest-in-wso2-is