What should go into the "Issuer" field?

Question

What should go into the "Issuer" field?

chtenb opened this issue 4 years ago · comments

In the sample code when creating a authentication request, the issuer is set to the application URL.

	var request = new AuthRequest(
		"http://www.myapp.com", //TODO: put your app's "unique ID" here
		"http://www.myapp.com/SamlConsume" //TODO: put Assertion Consumer URL (where the provider should redirect users after authenticating)
		);

I've noticed that when I leave this empty, everything seems to "just work". What is the purpose of this field?

chtenb commented 4 years ago

Thanks!

Alexander Yumashev · Answer 1 · Thu Jun 18 2020 17:27:46 GMT+0800 (China Standard Time)

It's an informational field that defines your app uniquely. It might work, but it makes it hard to look through the logs afterwards.

chtenb · Answer 2 · Wed Jul 15 2020 15:00:59 GMT+0800 (China Standard Time)

This is also commonly referred to as "entity ID", correct?

Alexander Yumashev · Answer 3 · Wed Jul 15 2020 15:28:39 GMT+0800 (China Standard Time)

Yes, correct. We should probably rename that field to remove confusion