Expected Behavior

RelyingPartyRegistration should allow multiple ACS binding/location combinations (e.g., POST, REDIRECT, etc.) for a single service provider.

Current Behavior

RelyingPartyRegistration only allows a single ACS binding/location combination for a single service provider.

Context

This is a regression from the old Spring SAML extension. If a single ACS endpoint can't handle more than one binding, then multiple SPs have to be registered in the IdP manager.

Comment From: jzheaux

Thanks for the suggestion, @handcraftedbits.

There aren't plans to support HTTP-Redirect for SAML responses since the spec doesn't allow it (line 421). For the time being, there are also no plans to support HTTP-Artifact. With that in mind, I don't know of a supported use case where multiple ACS bindings would be necessary.

RelyingPartyRegistration is designed to support placeholders in order to differentiate multiple tenants from a single location. Can you describe your situation regarding needing multiple ACS locations a bit more?

Comment From: handcraftedbits

You know what, I was confusing this with <SingleSignOnService>. I think this can be closed...

Comment From: abhishek-bafna-amdhan

> RelyingPartyRegistration is designed to support placeholders in order to differentiate multiple tenants from a single location. Can you describe your situation regarding needing multiple ACS locations a bit more?

@jzheaux Please can you give me an example of how I can add a placeholder for RelyingPartyRegistration in an XML file?
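
The placeholder approach discussed in this thread, as an added Java configuration example (not code from the thread or from the Spring Security project): two tenants share one ACS location template over HTTP-POST, while the binding that can vary is the IdP's `<SingleSignOnService>`, set separately per asserting party. The tenant ids, the `example.test` IdP URLs and the two `X509Certificate` beans are assumptions, and the snippet is written against the Spring Security 5.4+ builder API.

```java
import java.security.cert.X509Certificate;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;

@Configuration
public class MultiTenantSamlConfig {

    // One ACS template for every tenant. {baseUrl} and {registrationId} are
    // expanded per request, so each tenant gets its own concrete ACS URL.
    private static final String ACS_TEMPLATE = "{baseUrl}/login/saml2/sso/{registrationId}";

    // tenantAIdpCert / tenantBIdpCert are hypothetical beans holding each
    // IdP's signing certificate, resolved by parameter name.
    @Bean
    RelyingPartyRegistrationRepository relyingPartyRegistrations(
            X509Certificate tenantAIdpCert, X509Certificate tenantBIdpCert) {
        return new InMemoryRelyingPartyRegistrationRepository(
                tenant("tenant-a", "https://idp-a.example.test", tenantAIdpCert),
                tenant("tenant-b", "https://idp-b.example.test", tenantBIdpCert));
    }

    private static RelyingPartyRegistration tenant(
            String registrationId, String idpBase, X509Certificate idpCert) {
        return RelyingPartyRegistration.withRegistrationId(registrationId)
                // SP entity ID also uses placeholders, so it is unique per tenant.
                .entityId("{baseUrl}/saml2/service-provider-metadata/{registrationId}")
                // SP side: a single ACS location, responses accepted over POST only.
                .assertionConsumerServiceLocation(ACS_TEMPLATE)
                .assertionConsumerServiceBinding(Saml2MessageBinding.POST)
                // IdP side: where and how the AuthnRequest is sent (constructed URLs).
                .assertingPartyDetails(party -> party
                        .entityId(idpBase + "/metadata")
                        .singleSignOnServiceLocation(idpBase + "/sso")
                        .singleSignOnServiceBinding(Saml2MessageBinding.REDIRECT)
                        // Responses are only trusted if signed by this tenant's IdP.
                        .verificationX509Credentials(
                                c -> c.add(Saml2X509Credential.verification(idpCert))))
                .build();
    }
}
```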