I am really new to SAML, but did read through tutorials (at least I really tried). I am using samltest.id as the IdP and my code will act as the SP.
On my local machine, it works as far as I can see (samltest's user page shows and I get redirected back to the correct place). However, when deployed to our preprod site, the SAML process fails. From samltest's log, I can see this as my request:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://prep-auth-project.xxxx.xxx/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_b180d98092dd4ff78693d0f5687dc059"
    IssueInstant="2023-11-09T08:49:13Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer>http://localhost:44326/saml</saml2:Issuer>
</saml2p:AuthnRequest>
Then further down the log, I see this:
Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://localhost:44326/saml/acs' nor response location 'null' matched 'https://prep-auth-project.xxxx.xxx/saml/acs'
So basically the error seems to be that my metadata's ID is localhost and doesn't match our preprod URL. Is there a way to provide multiple response locations (e.g. one for localhost, one for preprod and one for prod)? Or will we have to create separate metadata for each running URL?
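Added example, not code from the question or from samltest.id: a small re-implementation of the check behind the "Neither candidate endpoint location ... matched" log line, run against constructed SP metadata that registers three AssertionConsumerService endpoints under the one entityID from the request above. It assumes the IdP resolves endpoints by exact match on binding and location, and the hostnames are placeholders as in the question.

```python
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata: one entityID, three ACS endpoints (placeholder hosts).
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="http://localhost:44326/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="{NS['saml2p']}">
    <md:AssertionConsumerService index="0" isDefault="true" Binding="{POST}"
        Location="https://localhost:44326/saml/acs"/>
    <md:AssertionConsumerService index="1" Binding="{POST}"
        Location="https://prep-auth-project.xxxx.xxx/saml/acs"/>
    <md:AssertionConsumerService index="2" Binding="{POST}"
        Location="https://auth-project.xxxx.xxx/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def registered_acs(metadata_xml: str) -> List[Tuple[str, str]]:
    """Return (Binding, Location) for every ACS endpoint in the SP metadata."""
    root = ET.fromstring(metadata_xml)
    return [(e.get("Binding"), e.get("Location"))
            for e in root.iterfind(".//md:AssertionConsumerService", NS)]


def authn_request(acs_url: str) -> str:
    """Constructed AuthnRequest with the same shape as the one in the question."""
    return (f'<saml2p:AuthnRequest xmlns:saml2p="{NS["saml2p"]}" Version="2.0" '
            f'ProtocolBinding="{POST}" AssertionConsumerServiceURL="{acs_url}">'
            '<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
            'http://localhost:44326/saml</saml2:Issuer></saml2p:AuthnRequest>')


def resolve_acs(request_xml: str, metadata_xml: str) -> Optional[str]:
    """Mimic the IdP endpoint resolver: the ACS URL and binding asked for in the
    request must exactly match an endpoint registered in metadata. Anything
    else is refused (None) so an assertion is never posted to an unregistered URL."""
    req = ET.fromstring(request_xml)
    wanted_url = req.get("AssertionConsumerServiceURL")
    wanted_binding = req.get("ProtocolBinding", POST)
    for binding, location in registered_acs(metadata_xml):
        if binding == wanted_binding and location == wanted_url:
            return location
    return None
```

With only the index="0" entry present the preprod request resolves to None, which is the situation the log line reports; with all three entries registered, each environment's request resolves without separate metadata.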