SAML integrations using AssertionConsumerServiceIndex hotfix

Description

A hotfix addresses the SecureAuth IdP / Identity Platform support for the AssertionConsumerServiceIndex for SAML integrations.

This topic covers the workaround for SAML integrations that require AssertionConsumerServiceIndex instead of AssertionConsumerServiceURL. The AssertionConsumerServiceIndex is used when multiple service providers (SPs) send AuthnRequests to the same SecureAuth IdP endpoint (realm), i.e. many SPs to a single realm.

For example, Cisco Jabber is one such provider that requires the use of AssertionConsumerServiceIndex.

Applies to

SecureAuth IdP versions 9.1, 9.2, 9.3, and SecureAuth® Identity Platform versions 19.07 and 19.07.01.

Note

This fix is available in the Identity Platform version 20.06+ and does not require a hotfix.

Hotfix steps

  1. Contact SecureAuth Support to request a hotfix for this issue.

    For the Identity Platform version 19.07.01, you can request hotfix version 19.07.01-1. 

    For the Identity Platform version 19.07, you can request hotfix version 19.07-2.

    For SecureAuth IdP version 9.3, you can request hotfix version 9.3.0-13.

    For SecureAuth IdP version 9.2, you can request hotfix version 9.2.0-30.

    For SecureAuth IdP version 9.1, you can request hotfix version 9.1.0-53.

  2. When the hotfix is applied, the following files are added to their target directories:

    - /All/bin/MFC.WebApp.SecureAuth.dll

    - /All/bin/MFC.SAML20.dll

    - /All/bin/MFA.Utilities.dll

  3. Make the following edits to the web.config file:

    1. Go to the <appSettings> section.

    2. Add the following line, where where {index} is an absolute value of integer {0,1,2...} and "url_to_return_to" is the URL to redirect the SecureAuth IdP to (i.e. what was previously sent as the AssertionConsumerServiceURL value)

      Syntax

      <add key="AssertionConsumerServiceIndex{index}" value="url_to_return_to" />
      

      For example, a SP sends the following parameter in the AuthnN request: AssertionConsumerIndex=”0” and the target redirect URL is https://samlconsumer.company0.com.

      The code added to the <appSettings> section should look like the following:

      Example

      <add key="AssertionConsumerServiceIndex0" value="https://samlconsumer.company0.com" />

      You can add as many keys as you want (AssertionConsumerIndex1, AssertionConsumerIndex2, and so on) as long as the index is unique. See the following examples:

      Example of multiple keys

      <add key="AssertionConsumerServiceIndex0" value="https://samlconsumer.company0.com" />
      <add key="AssertionConsumerServiceIndex1" value="https://samlconsumer.company1.com" />
      <add key="AssertionConsumerServiceIndex2" value="https://samlconsumer.company2.com" />