Documentation


Description

A hotfix adds support in SecureAuth IdP / Identity Platform for the AssertionConsumerServiceIndex in SAML integrations.

This topic covers the workaround for SAML integrations that require AssertionConsumerServiceIndex instead of AssertionConsumerServiceURL. The AssertionConsumerServiceIndex is used when multiple service providers (SPs) send AuthnRequests to the same SecureAuth IdP endpoint (realm), i.e. many SPs to a single realm. 

For example, Cisco Jabber is one such provider that requires the use of AssertionConsumerServiceIndex.

Applies to

SecureAuth IdP versions 9.1, 9.2, 9.3, and the Identity Platform 19.07

Hotfix steps
  1. Contact SecureAuth Support to request a hotfix for this issue. 
    For the Identity Platform version 19.07.01, you can request hotfix version 19.07.01-1.
    For the Identity Platform version 19.07, you can request hotfix version 19.07-2.
    For SecureAuth IdP version 9.3, you can request hotfix version 9.3.0-13.
    For SecureAuth IdP version 9.2, you can request hotfix version 9.2.0-30.
    For SecureAuth IdP version 9.1, you can request hotfix version 9.1.0-53.
  2. When the hotfix is applied, the following files are added to their target directories: 
    - /All/bin/MFC.WebApp.SecureAuth.dll
    - /All/bin/MFC.SAML20.dll
    - /All/bin/MFA.Utilities.dll
  3. Make the following edits to the web.config file: 
    1. Go to the <appSettings> section. 
    2. Add the following line, where {index} is a non-negative integer (0, 1, 2, ...) and "url_to_return_to" is the URL that the SecureAuth IdP redirects to (i.e. what was previously sent as the AssertionConsumerServiceURL value):

      Syntax
      <add key="AssertionConsumerServiceIndex{index}" value="url_to_return_to" />
      

      For example, an SP sends the following parameter in the query string: AssertionConsumerIndex="0", and the target redirect URL is https://samlconsumer.company0.com.
      The code added to the <appSettings> section should look like the following: 

      Example
      <add key="AssertionConsumerServiceIndex0" value="https://samlconsumer.company0.com" />

      You can add as many keys as you want (AssertionConsumerServiceIndex1, AssertionConsumerServiceIndex2, and so on) as long as each index is unique. See the following examples:

      Example of multiple keys
      <add key="AssertionConsumerServiceIndex0" value="https://samlconsumer.company0.com" />
      <add key="AssertionConsumerServiceIndex1" value="https://samlconsumer.company1.com" />
      <add key="AssertionConsumerServiceIndex2" value="https://samlconsumer.company2.com" />
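
Because each AssertionConsumerServiceIndex key decides where the IdP sends the user after authentication, it is worth checking the edited <appSettings> section before deploying it. The following script is an added example, not SecureAuth code: it verifies that every index is a non-negative integer, that no index is repeated, and that every value is an absolute URL. The https-only rule, the function name audit_acs_index_keys, and the sample configuration (constructed, with deliberate mistakes) are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

KEY_RE = re.compile(r"^AssertionConsumerServiceIndex(.*)$")

# Constructed sample: an <appSettings> section with deliberate mistakes.
SAMPLE_WEB_CONFIG = """\
<configuration>
  <appSettings>
    <add key="AssertionConsumerServiceIndex0" value="https://samlconsumer.company0.com" />
    <add key="AssertionConsumerServiceIndex1" value="https://samlconsumer.company1.com" />
    <add key="AssertionConsumerServiceIndex1" value="https://samlconsumer.company2.com" />
    <add key="AssertionConsumerServiceIndex-3" value="https://samlconsumer.company3.com" />
    <add key="AssertionConsumerServiceIndex4" value="http://samlconsumer.company4.com" />
    <add key="AssertionConsumerServiceIndex5" value="samlconsumer.company5.com" />
  </appSettings>
</configuration>
"""

def audit_acs_index_keys(web_config_xml):
    """Return (index -> URL mapping, list of problems) for the ACS index keys."""
    mapping, problems = {}, []
    root = ET.fromstring(web_config_xml)
    for add in root.findall("./appSettings/add"):
        match = KEY_RE.match(add.get("key", ""))
        if not match:
            continue  # unrelated appSettings entry
        suffix, url = match.group(1), add.get("value", "")
        if not (suffix.isascii() and suffix.isdigit()):
            problems.append(f"index '{suffix}' is not a non-negative integer")
            continue
        index = int(suffix)
        if index in mapping:
            problems.append(f"index {index} is defined more than once")
            continue
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:  # assumed policy: https only
            problems.append(f"index {index}: '{url}' is not an absolute https URL")
            continue
        mapping[index] = url
    return mapping, problems

if __name__ == "__main__":
    urls, issues = audit_acs_index_keys(SAMPLE_WEB_CONFIG)
    print(urls)
    for issue in issues:
        print("PROBLEM:", issue)
```

To check a real file, pass the contents of the realm's web.config to audit_acs_index_keys and review any reported problems before saving the change.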