IdP-initiated SSO fails in master build (February 1st, 2018).
- Deploy two AM instances, each using host level cookies (e.g. idp.amtest2.com and sp.amtest2.com) and using SSL in tomcat. (https://idp.amtest2.com:9443/access, https://sp.amtest2.com:7443/access).
- Note that the keystore was set up to include the CA cert and the certs for both idp and sp, and then the keystore was copied to each server (so both AM instances had visibility of all certs). The CA cert was also added to the JDK cacerts truststore.
- In IdP, create a hosted IdP, circle of trust test_idp, using test signing cert, and mapping mail attribute to mail.
- In SP, create a hosted SP.
- In IdP create a remote SP and in SP create a remote IdP. Note that the metadata urls need to be http versions of the paths to the metadata in order to enable creation to succeed.
- In SP, set Auto Federation to true and set the attribute to the mail attribute.
- In hosted and remote SP definitions, change ACS service endpoints from Consumer to AuthConsumer.
- In IdP create a user, e.g. testuser1 and set a mail attribute.
- In SP create a SAML authentication module, referencing the IdP's https URL. Create a chain, e.g. saml2Chain, adding the above authentication module as Required.
- Perform an SP-initiated SSO using the URL https://sp.amtest2.com:7443/access?service=saml2Chain. Verify that this is successful and the user is directed to the profile page at the SP.
- Perform an IdP-initiated SSO, using https://idp.amtest2.com:9443/access/saml2/jsp/idpSSOInit.jsp?metaAlias=/idp&spEntityID=https://sp.amtest2.com:7443/access.
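Two of the steps above are easy to get subtly wrong by hand: the ACS endpoint rewrite from Consumer to AuthConsumer in the SP metadata, and the IdP-initiated SSO URL, whose spEntityID value is itself a URL and should be query-encoded. The script below is an added example, not code from the report or from AM itself. The SP metadata it operates on is a constructed sample shaped like an AM hosted-SP descriptor, not the metadata exported from the test deployment; the helper names (rewrite_acs_endpoints, acs_locations, idp_init_sso_url) are my own.

```python
import urllib.parse
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD_NS)

# Constructed sample of a hosted SP's SAML2 metadata (hypothetical, not exported
# from the sp.amtest2.com instance). Both ACS bindings point at the default
# Consumer endpoint, which is what the report says must be changed.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.amtest2.com:7443/access">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService isDefault="true" index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.amtest2.com:7443/access/Consumer/metaAlias/sp"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.amtest2.com:7443/access/Consumer/metaAlias/sp"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def acs_locations(metadata_xml):
    """Return the Location attribute of every AssertionConsumerService element."""
    root = ET.fromstring(metadata_xml)
    return [acs.get("Location", "")
            for acs in root.iter(f"{{{MD_NS}}}AssertionConsumerService")]


def rewrite_acs_endpoints(metadata_xml, old="/Consumer/", new="/AuthConsumer/"):
    """Rewrite every ACS Location containing `old` to use `new` instead.

    Returns the serialized metadata and the number of endpoints changed, so the
    caller can verify that the rewrite actually touched every binding (an ACS
    left on /Consumer/ is exactly the kind of mismatch that breaks SSO silently).
    """
    root = ET.fromstring(metadata_xml)
    changed = 0
    for acs in root.iter(f"{{{MD_NS}}}AssertionConsumerService"):
        loc = acs.get("Location", "")
        if old in loc:
            acs.set("Location", loc.replace(old, new, 1))
            changed += 1
    return ET.tostring(root, encoding="unicode"), changed


def idp_init_sso_url(idp_base, meta_alias, sp_entity_id):
    """Build the IdP-initiated SSO URL with a properly encoded query string.

    The report's URL passes spEntityID unencoded; encoding it avoids any
    ambiguity once the entity ID contains ':' and '/' characters.
    """
    query = urllib.parse.urlencode({"metaAlias": meta_alias,
                                    "spEntityID": sp_entity_id})
    return f"{idp_base}/saml2/jsp/idpSSOInit.jsp?{query}"


if __name__ == "__main__":
    rewritten, n = rewrite_acs_endpoints(SAMPLE_SP_METADATA)
    print(f"rewrote {n} ACS endpoint(s):")
    for loc in acs_locations(rewritten):
        print("  ", loc)
    print(idp_init_sso_url("https://idp.amtest2.com:9443/access", "/idp",
                           "https://sp.amtest2.com:7443/access"))
```

The same rewrite has to be applied to the remote SP definition on the IdP side as well as the hosted SP, so run the function over both metadata documents and confirm the changed count matches the number of ACS bindings in each.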
None. The same configuration and test scenario as above gives the expected result on 5.5.1.