Petr,

It is required in the service definition / saml metadata to prevent a malicious 
site from providing an ACS URL that does not match the entityId.

Ray

On Tue, 2024-08-27 at 06:16 -0700, Petr Bodnár wrote:
Hi,

when registering a service provider (SP) to CAS via the JSON variant of 
configuration, one could historically fill in the assertionConsumerServiceUrl 
attribute, or leave it empty. The very same attribute comes in the SAML 
AuthnRequest and contains the URL where the SP wishes to send the SAML response.

So is it that the assertionConsumerServiceUrl in JSON configuration is just 
the default value for the case it is not present in the SAML AuthnRequest?

And if so, can somebody tell why this attribute was made required since some 
version of CAS 7.0.x (see commit "ensure saml SLO/ACS objects have a valid 
location" <https://github.com/apereo/cas/commit/d37229b6aa0e9125577ff5e92d39083de31c7117>)? 
For our use case, we probably always want the SP to fill the URL in the 
request, but we are forced to also fill some value in the JSON configuration 
now, which doesn't seem to make sense?

Regards
Petr
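
The check described in the reply at the top of this thread, as an added example that is not part of either message and is not CAS code: an identity provider accepts the AssertionConsumerServiceURL from an AuthnRequest only if it exactly matches a URL registered for the issuing entityId. The registry contents, the function names and the fallback to the registered URL when the request carries none are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed registry (assumption): entityId -> ACS URLs registered for that SP.
REGISTERED_ACS = {
    "https://sp.example.org/metadata": ["https://sp.example.org/saml/acs"],
}


class AcsRejected(Exception):
    """The request cannot be answered at a trusted location."""


def resolve_acs_url(authn_request_xml, registry=REGISTERED_ACS):
    """Return the URL the SAML response may be sent to, or raise AcsRejected."""
    # ElementTree is used for brevity; parse untrusted XML with a hardened parser.
    root = ET.fromstring(authn_request_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    registered = registry.get(issuer)
    if not registered:
        raise AcsRejected(f"unknown or unconfigured entityId: {issuer!r}")
    requested = root.get("AssertionConsumerServiceURL")
    if requested is None:
        # Assumption: with no URL in the request, use the registered one.
        return registered[0]
    # Exact string match only; prefix or host-only matching would let
    # look-alike URLs through.
    if requested not in registered:
        raise AcsRejected(f"ACS URL {requested!r} is not registered for {issuer!r}")
    return requested


def make_request(issuer, acs_url=None):
    """Build a constructed, minimal AuthnRequest for the demonstration."""
    acs_attr = f' AssertionConsumerServiceURL="{acs_url}"' if acs_url else ""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
        f' ID="_constructed1" Version="2.0"{acs_attr}>'
        f"<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>"
    )
```

Without a registered value there is nothing to compare the requested URL against, so the response would go wherever the request says.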
