We are working on upgrading from v1.0.2 to v2.9.0. With the old version, we were able to publish multiple assertion consumer service URLs by making changes to the Saml2AuthenticationOptions.Notifications, like:
MetadataCreated = (metadata, urls) =>
{
if (metadata.RoleDescriptors?.FirstOrDefault(spsso => false) is ExtendedServiceProviderSingleSignOnDescriptor _spsso)
{
_spsso.AssertionConsumerServices.Remove(1); // Remove the http artifact
// If using the generic endpoint, we are going to replace the "acs" with "login".
IndexedProtocolEndpoint _endpoint = _spsso.AssertionConsumerServices[0];
UriBuilder _builder = new UriBuilder(_endpoint.Location);
if (_builder.Uri.AbsoluteUri.IndexOf($"/{RequestParameter.SamlGenericEndpointIdentifier}/Acs", StringComparison.OrdinalIgnoreCase) >= 0)
{
_builder.Path = Regex.Replace(_builder.Path, "/acs", "/login", RegexOptions.IgnoreCase);
_endpoint.Location = _builder.Uri;
}
}
},
However, now I am seeing that ExtendedServiceProviderSingleSignOnDescriptor does not exist in the SustainSys.Saml2 library. How are multiple assertion consumer service URLs handled in the latest version?
SpSssoDescriptor basically acts as a 1-for-1 replacement for ExtendedServiceProviderSingleSignOnDescriptor
MetadataCreated = (metadata, urls) =>
{
if (metadata.RoleDescriptors?.FirstOrDefault(spsso => spsso is SpSsoDescriptor) is SpSsoDescriptor _spsso)
{
_spsso.AssertionConsumerServices.Remove(1); // Remove the http artifact
// If using the generic endpoint, we are going to replace the "acs" with "login".
AssertionConsumerService _endpoint = _spsso.AssertionConsumerServices[0];
UriBuilder _builder = new(_endpoint.Location);
if (_builder.Uri.AbsoluteUri.IndexOf($"/{RequestParameter.SamlGenericEndpointIdentifier}/Acs", StringComparison.OrdinalIgnoreCase) >= 0)
{
_builder.Path = Regex.Replace(_builder.Path, "/acs", "/login", RegexOptions.IgnoreCase);
_endpoint.Location = _builder.Uri;
}
}
},