Customer's application supports only IDP-initiated SAML, but needs to support multiple Assertion Consumer Service URLs (ACS URLs). Customer has added the AssertionConsumerServiceIndex parameter to the IDP-initiated request query string, but Siteminder seems to be ignoring it. How can we achieve this use case?
Release : 12.8.03
Component : SITEMINDER FEDERATION SECURITY SERVICES
Siteminder does not support the AssertionConsumerServiceIndex queery string parameter in IDP-initiated SAML requests. A custom solution is needed.
Use SP-initiated SAML when multiple ACS URLs need to be supported. If switching to SP-initiated SAML is not possible, it may be possible to use an active page to mimic the SP and generate an authnrequest with the needed AssertionConsumerServiceIndex parameter/value, but this is a custom solution outside the scope of Support.
Sample authnrequests can be found here:
As you can see, the only dynamic data in the authnrequest is the date/time information. The resulting SP-initiated URL (assuming REDIRECT binding) will take this format: