In our SP Metadata we found that it has 2 ACS URLs and Is there any way to test IDP Initiated SAML SSO to both ACS URLs ?Please advise.
CA SSO Version : 12.6
It'll probably be helpful to share the use case here so the community can better assist.
Are the 2 ACS using different bindings? one HTTP-POST and the other is HTTP-Artifact
If that's the case, you should choose the ACS endpoint that matches what you intend to use for the partnership.
If you see both ACS are using HTTP-POST (I rarely see this), I'm guessing your SP has multiple ACS because it wants to know which IdP is being used by means of which ACS is accessed.
Then the SP should tell you which ACS endpoint you should use out of the 2.
If you want to test both, you can toggle the ACS to use in partnership setting then reactivate the partnership. But I don't think you can have both at the same time in 1 partnership.
I could be wrong.
The SP side has 2 ACS URL, so you can test them by sending aSAMLRequest and configure the IdP and SP partnership to have "AcceptACS URL in the Authnrequest" and insure the SAMLRequest hasAssertionConsumerServiceURL configured.
CA Access Gateway(Secure Proxy Server) acting as I - CA Knowledge
Hope this helps,
Thanks for your response and also for the solution.
It's really helpful and fits in our environment.