Update entity IDs to drop spurious protocol #2524
Merged
Changes proposed in this pull request:
Our entity ID does not actually include a protocol (https://). In a recent IDP integration, we discovered that including the protocol can cause an error due to the audience restriction not matching the actual audience (the entity ID). It appears some IDPs remove the protocol automatically and some do not, OR prior customers have used our metadata endpoint instead of manually configuring the integration. In any case, the correct value is the login hostname with no protocol.
You can see our actual entity ID (no protocol) in our staging and production metadata.
Security Considerations
None; updates to public information
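The audience mismatch described above, as an added example that is not part of the pull request or the project's code: a service-provider-side check that compares each `AudienceRestriction` in an assertion against the `entityID` from SP metadata by exact string match. The hostname `login.example.test`, the sample XML and the function names are constructed for illustration, and requiring at least one restriction is this example's own policy.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed samples; login.example.test is a placeholder hostname.
SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="login.example.test"/>"""

ASSERTION_WITH_SCHEME = """<saml:Assertion
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://login.example.test</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

ASSERTION_BARE = ASSERTION_WITH_SCHEME.replace("https://", "")


def sp_entity_id(metadata_xml):
    """Read the entityID attribute from SP metadata."""
    return ET.fromstring(metadata_xml).attrib["entityID"]


def audience_restrictions(assertion_xml):
    """Return one list of Audience values per AudienceRestriction."""
    root = ET.fromstring(assertion_xml)
    path = "saml:Conditions/saml:AudienceRestriction"
    return [[(a.text or "").strip() for a in r.findall("saml:Audience", NS)]
            for r in root.findall(path, NS)]


def check_audience(assertion_xml, entity_id):
    """Exact, unnormalised match. Assumes the signature was already verified
    and that untrusted XML goes through a hardened parser in real use."""
    restrictions = audience_restrictions(assertion_xml)
    if not restrictions:
        return False, "no AudienceRestriction present"
    for auds in restrictions:  # every restriction must name this SP
        if entity_id in auds:
            continue
        for aud in auds:
            scheme, sep, rest = aud.partition("://")
            if sep and rest == entity_id:
                return False, (f"audience {aud!r} differs from the entity ID "
                               f"only by its {scheme}:// prefix")
        return False, f"audiences {auds!r} do not include {entity_id!r}"
    return True, "audience matches entity ID"
```

Running `check_audience` against an IdP's test assertion before go-live shows whether that IdP was configured with the prefixed value or the bare hostname.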