shibboleth-dev - [Shib-Dev] IDP metadata with no ACS url
Subject: Shibboleth Developers
- From: Bobby Lawrence <>
- To:
- Subject: [Shib-Dev] IDP metadata with no ACS url
- Date: Fri, 03 Jun 2011 12:18:59 -0400
Hi - I've been experiencing this problem lately and the only way around I've found is to write my own version of an IDP class file - not something I enjoy doing.
I'd put in an issue/enhancement feature, but I have no way of logging in - I'm not affiliated with any of the organizations on the WAYF page.
Anyway -
I have a situation where I have an SP that sends an AuthnRequest with an AssertionConsumerServiceURL.
This SP has metadata so we can sign/encrypt if needed, but no ACS urls in the metadata as we want the IDP to use the ACS url in the AuthnRequest.
However, from what I can tell from the source code, the IDP will only use the ACS url from the AuthnRequest if the SP is anonymous (has no metadata).
I'm wondering if it would be a good idea to change this behavior so that if the SP is not anonymous and no endpoint can be found, the IDP uses the endpoint defined in the AuthnRequest.
I don't want to use anonymous SPs because we'd like to be able to sign/encrypt requests, but we don't want to hardcode ACS urls in the metadata.
As I stated before, I can get the behavior I want by introducing my own edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler class into the IDP with the change implemented in the "selectEndpoint" method, but I'd rather see this change in the IDP so I don't need my own version of this class.
What does everyone think?
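
The endpoint decision described in the message above, modelled as an added example that is not part of the original post and is not Shibboleth or OpenSAML code. The class, the method names, the rule that an endpoint counts as "found" when metadata lists the requested URL, and the signature condition on the fallback are all assumptions of this sketch.

```java
import java.util.Collections;
import java.util.List;

// Added illustration: a hypothetical model, not Shibboleth or OpenSAML code.
public class AcsSelectionModel {

    // metadataAcsUrls == null models an anonymous SP (no metadata at all);
    // an empty list models an SP whose metadata carries keys but no ACS endpoints.
    static String describedBehaviour(List<String> metadataAcsUrls, String requestedAcs) {
        if (metadataAcsUrls == null) {
            return requestedAcs; // anonymous SP: the AuthnRequest value is used
        }
        // Assumption of this model: an endpoint is "found" only when the
        // SP's metadata lists the URL named in the AuthnRequest.
        return metadataAcsUrls.contains(requestedAcs) ? requestedAcs : null;
    }

    // The fallback proposed in the message: SP has metadata, no endpoint found,
    // so take the URL from the AuthnRequest. The signature condition is an
    // assumption added here, not part of the proposal: without it, an
    // unauthenticated request value decides where the assertion is delivered.
    static String proposedFallback(List<String> metadataAcsUrls, String requestedAcs,
                                   boolean signatureVerifiedWithMetadataKey) {
        String found = describedBehaviour(metadataAcsUrls, requestedAcs);
        if (found != null || metadataAcsUrls == null) {
            return found; // metadata match, or anonymous SP: unchanged
        }
        return signatureVerifiedWithMetadataKey ? requestedAcs : null;
    }

    public static void main(String[] args) {
        String acs = "https://sp.example.org/acs"; // constructed sample value
        List<String> keysOnly = Collections.emptyList();

        System.out.println("anonymous SP:           " + describedBehaviour(null, acs));
        System.out.println("metadata, no ACS:       " + describedBehaviour(keysOnly, acs));
        System.out.println("fallback, signed:       " + proposedFallback(keysOnly, acs, true));
        System.out.println("fallback, unsigned:     " + proposedFallback(keysOnly, acs, false));
    }
}
```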