Thanks Godwin,

It's working by passing the query param to the xml metadata file

<SingleSignOnService
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    Location="https://IP:PORT/samlsso?tenantDomain=domain.com"
    ResponseLocation="https://IP:PORT/samlsso?tenantDomain=domain.com"/>


I'm trying to pass it dynamically by picking it up from the login
(an email, so it contains the domain name), so I overrode WebSSOProfileImpl
(Spring SAML) by setting the AuthRequest Destination to the default
Location with the tenantDomain param, but it's not picked up.

Any idea why or what should be tweaked for this?


Regards,

Hanen



On Mon, Feb 6, 2017 at 1:04 PM, Godwin Shrimal <god...@wso2.com> wrote:

> Hi Hanen,
>
> If your Service Provider is configured in a specific tenant, e.g. foo.com,
> you need to send an additional query parameter tenantDomain="foo.com" to
> the /samlsso endpoint. Then Identity Server looks for the particular service
> provider related to the issuer in the foo.com tenant. What I described above
> is how to get the tenant for the authenticated user. You can try out this
> scenario using the travelocity sample: uncomment the line [1] and configure
> the correct tenant domain there.
>
> [1] https://github.com/wso2/product-is/blob/release-5.3.0/modules/samples/sso/sso-agent-sample/src/main/resources/travelocity.properties#L100
>
> Thanks
> Godwin
>
>
> On Mon, Feb 6, 2017 at 4:13 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Thanks Godwin, but I'm afraid it didn't do the trick: there isn't any
>> extra request param appended to the SamlRequest and the tenant is not
>> recognised. How did you test such a feature to validate it's working?
>>
>> Regards,
>> Hanen
>>
>> On Thu, Feb 2, 2017 at 3:14 PM, Godwin Shrimal <god...@wso2.com> wrote:
>>
>>> Hi Hanen,
>>>
>>> Under Local and Outbound configuration of the Service Provider there is an
>>> option called *Use tenant domain in local subject identifier* which
>>> will append the tenant domain to the subject. You can find more information
>>> in [1].
>>>
>>> [1] https://docs.wso2.com/display/IS530/Configuring+Local+and+Outbound+Authentication+for+a+Service+Provider
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Thu, Feb 2, 2017 at 7:13 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> I have a question regarding SAML2 SSO between a web application having
>>>> Spring SAML and WSO2 IS as an IdP.
>>>>
>>>> Is it possible to take the username pattern:  u...@tenant.com
>>>> to identify the tenant which we want to authenticate our user within it?
>>>>
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> *Godwin Amila Shrimal*
>>> Senior Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94772264165*
>>> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>*
>>> twitter: https://twitter.com/godwinamila
>>> <http://wso2.com/signature>
>>>
>>
>>
>
>
>
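
An added example, not code from this thread, WSO2 or Spring SAML: one way to derive the tenantDomain value from a user@tenant login and append it to the /samlsso location, rejecting logins whose domain part is malformed or not a configured tenant. The function names, the KNOWN_TENANTS set and the idp.example host are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample tenant list (assumption); a real deployment would
# load the tenants it has actually provisioned from configuration.
KNOWN_TENANTS = {"foo.com", "domain.com"}

# Strict hostname shape: dot-separated labels, no query or path characters.
_DOMAIN_RE = re.compile(
    r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}"
)


def tenant_from_login(login: str) -> str:
    """Return the tenant domain of a user@tenant login, or raise ValueError."""
    local, sep, domain = login.strip().rpartition("@")
    domain = domain.lower()
    if not sep or not local:
        raise ValueError("login is not of the form user@tenant-domain")
    if len(domain) > 253 or not _DOMAIN_RE.fullmatch(domain):
        raise ValueError("tenant domain is not a valid hostname")
    if domain not in KNOWN_TENANTS:
        raise ValueError("unknown tenant domain")
    return domain


def sso_location_for(login: str, base_location: str) -> str:
    """Return base_location carrying exactly one tenantDomain parameter."""
    tenant = tenant_from_login(login)
    parts = urlsplit(base_location)
    if parts.scheme != "https":
        raise ValueError("SSO endpoint must use https")
    # Drop any tenantDomain already on the URL so the value is never duplicated.
    query = [
        (key, value)
        for key, value in parse_qsl(parts.query, keep_blank_values=True)
        if key != "tenantDomain"
    ]
    query.append(("tenantDomain", tenant))
    return urlunsplit(
        (parts.scheme, parts.netloc, parts.path, urlencode(query), "")
    )


if __name__ == "__main__":
    print(sso_location_for("alice@foo.com", "https://idp.example:9443/samlsso"))
```
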