Follow
SSO Metadata - The Correct Download URL's

Problem

The metadata URL's in your production environment currently point to metadata files that only contain one set of Assertion Consumer Service (ACS) URL's.  Currently, the ACS URL's only point to our old domain endpoints.

 

Example of metadata from our current download links: 

<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://domain.attask-ondemand.com/attask/saml2consumer.cmd" index="0" isDefault="true"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT" Location="https://domain.attask-ondemand.com/attask/saml2consumer.cmd" index="1"/>
 
Example of what the metadata ACS section should look like:
 
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://domain.attask-ondemand.com/attask/saml2consumer.cmd" index="0" isDefault="true"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT" Location="https://domain.attask-ondemand.com/attask/saml2consumer.cmd" index="1"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://domain.my.workfront.com/attask/saml2consumer.cmd" index="2"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT" Location="https://domain.my.workfront.com/attask/saml2consumer.cmd" index="3"/>

 

Solution

There is a public URL you can use to download metadata that contains both sets of ACS URL's.  Using this metadata file will allow you to use SSO with both our new and our old endpoints.  Change the 'domain' portion of the URL below to match your production environment's domain name.  Then, you will be able to use the URL to download a copy of your correct metadata featuring both ACS URL's.

 

https://domain.attask-ondemand.com/attask/ssoExportSAML2MetaData.cmd