Cross domain IdP trust

Peter Schober peter.schober at
Tue Nov 22 16:50:09 GMT 2011

* Cal Heldenbrand <cal at> [2011-11-22 17:35]:
> Each IdP has an entirely separate user/pass namespace.  And, I want each
> IdP to "trust" each other, in the sense that any user logged in at any of
> the IdPs will *transparently* have access to each SP without logging in
> again.  No discovering IdPs or selecting where to log in, and only a
> single authentication allows access to all domains.

I probably don't understand the requirements but if all three SPs
federate with all three IdPs the only problem left to solve is IdP
discovery, no?
