多个 ACS 网址 [英] More than one ACS url
问题描述
我们将 PingFederate 用于 SSO 并且是 SP 发起的.并且 Ping Federate 将像 Idp 一样工作.对于应用程序,有 2 个网络服务器(用于高可用性
we are using PingFederate for SSO and is SP initiated. and Ping Federate will act like Idp. For application there are 2 webservers(for high availability
我的问题是1.我们可以提供两个默认的url吗(在控制台中默认只能设置一个url.在这种情况下,我们可以提供两个逗号分隔的url吗?)
My questions is 1. can we provide two urls as default(In console as only one url can be set as default. in this case can we provide two comma seperated urls).
- 可以为 ACS url 提供负载均衡器 url.
谢谢!
推荐答案
我认为您希望在 SP 元数据中发布断言使用者服务 URL,因为它特定于服务提供者.
I think you want to publish the assertion consumer service URLs in SP metadata, as it is specific to the service provider.
对于 SP 支持的特定绑定,您可以拥有唯一或相同的 ACS 端点,并且端点必须了解对来自 IdP 的绑定的响应.此外,ACS 端点可以被索引,任何一个都可以在元数据中设置为默认值.示例:
You can have unique or same ACS endpoint for specific binding the SP supports and the endpoint has to understand response wrt to binding from IdP. Also ACS endpoints can be indexed and any one can be set as default in the metadata. Example:
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sts.contoso.com/adfs/ls/" index="0" isDefault="true" />
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sts.contoso.com/adfs/ls/" index="1" />
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sts.contoso.com/adfs/ls/" index="2" />
只要 IdP 可以从外部访问 SP 服务器,您就可以使用负载均衡器 URL.
As long as IdP can reach the SP server from outside world, you could use load balancer URL.
这篇关于多个 ACS 网址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
