
Posts

Showing posts from August, 2015

SAML2 IdP Initiated Single Logout with WSO2 Identity Server 5.1.0

With this feature WSO2 Identity Server facilitates IdP initiated SAML2 single logout requests. In the SAML service provider configuration UI there is a new option called “Enable IdP Initiated SLO”. You can enable this feature using this checkbox. You can also define the URL to redirect to after the single logout using "Return to URL" under the “Enable IdP Initiated SLO” option. The following parameters can be used with an IdP initiated SLO request.

slo: This is a mandatory parameter and must have the value “true” to mark the request as an IdP initiated logout request.
spEntityID: This is an optional parameter. Its value should be the SAML issuer name as given in the “Issuer” field of the SAML service provider configuration UI.
returnTo: This is an optional parameter. Its value should be the URL to redirect to after the logout. If this parameter is present

Configuring Multiple Assertion Consumer Service URLs for SAML2 Service Provider with WSO2 Identity Server 5.1.0

This feature makes it possible to define multiple assertion consumer service URLs for a SAML2 service provider. In the SAML service provider configuration UI there is a new configuration called “Assertion Consumer URLs”. You can add multiple assertion consumer URLs for the SAML2 service provider using the “Add” button. Since there are multiple assertion consumer URLs, a default assertion consumer URL must be defined for the case where one cannot be retrieved from the authentication request. SP initiated SSO and IdP initiated SSO flows now behave as follows.

In SP initiated SSO:
If no AssertionConsumerServiceUrl is given in the <AuthnRequest>, IS sends the response to the default ACS URL of the SP (whether the request is signed or not).
If the AssertionConsumerServiceUrl in the <AuthnRequest> matches one of the registered URLs, IS sends the response to the matched one.
If the AssertionConsumerServiceUrl in the <AuthnRequest> does not match any of the registered AC
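As an added example (not Identity Server's own code), the SP initiated SSO rules above as a small Python resolver: it reads AssertionConsumerServiceURL from a constructed <AuthnRequest>, falls back to the default ACS URL when the attribute is absent, and returns the requested URL only when it exactly matches a registered one. SP_CONFIG, the field names and the sample requests are constructed here, and returning None for an unregistered URL is this example's own choice, since the post's text is cut off at that point.

```python
import xml.etree.ElementTree as ET

# Constructed SP registration mirroring the UI fields described above:
# the list added under "Assertion Consumer URLs" and the default ACS URL.
# Key names are this example's own, not Identity Server's.
SP_CONFIG = {
    "issuer": "sp.example.org",
    "registered_acs": [
        "https://sp.example.org/saml/acs",
        "https://sp.example.org/saml/acs-alt",
    ],
    "default_acs": "https://sp.example.org/saml/acs",
}

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"


def acs_from_authn_request(xml_text):
    """Return the AssertionConsumerServiceURL attribute of a
    <samlp:AuthnRequest>, or None when the attribute is absent."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a samlp:AuthnRequest")
    return root.get("AssertionConsumerServiceURL")


def resolve_acs_url(requested, sp_config):
    """No URL in the request -> default ACS URL; URL in the registered
    list -> that URL; anything else -> None (do not send the response)."""
    if requested is None:
        return sp_config["default_acs"]
    # Exact string comparison on purpose: a prefix or substring check
    # would accept URLs the SP never registered.
    if requested in sp_config["registered_acs"]:
        return requested
    return None


def acs_for_request(xml_text, sp_config=SP_CONFIG):
    return resolve_acs_url(acs_from_authn_request(xml_text), sp_config)


# Constructed, minimal AuthnRequests (signature and other elements omitted).
_HEAD = '<samlp:AuthnRequest xmlns:samlp="%s" Version="2.0" ' % SAMLP_NS
_HEAD += 'IssueInstant="2015-08-01T00:00:00Z" '
REQ_NO_ACS = _HEAD + 'ID="_1"/>'
REQ_MATCH = _HEAD + ('ID="_2" AssertionConsumerServiceURL='
                     '"https://sp.example.org/saml/acs-alt"/>')
REQ_UNKNOWN = _HEAD + ('ID="_3" AssertionConsumerServiceURL='
                       '"https://unregistered.example/saml/acs"/>')
```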