AssertionConsumerService with dynamic location


I am implementing an IDP-initiated SAML authentication handshake. I have found that the AssertionConsumerService Location must match the authentication request URL. For example:

<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://10.193.204.21/ibi_apps/saml/SSO/alias/defaultWFAlias" index="0" isDefault="true"/>

In most cases this is fine because the service provider has a static hostname. However, we do development on virtual machines, each of which is allocated an IP address when it is checked out. So the IP address is not known until the VM is checked out. This requires that each developer edit the SP metadata file and change the AssertionConsumerService Location. We'd like to avoid this manual step.

The service provider in this case is WebFocus which is using spring-security-saml2-core-1.0.0.RC3-SNAPSHOT.

Is it possible to configure Spring security so that the AssertionConsumerService is not required in our development environments? Or are there any other suggestions for supporting this type of environment with a dynamic AssertionConsumerService location?
