Passing application context from IdP back to SP
Andrei Remenchuk
andrei144 at gmail.com
Tue Nov 27 22:27:42 EST 2012
On 11/27/2012 9:46 PM, Cantor, Scott wrote:
>
>> So then how do I support multiple different IdPs for different
>> sub-resources without overrides ?
> Define "support".
>
> If you're asking how you avoid discovery, try "ShibRequestSetting entityID idpname".
Thanks. I tried that and it works.
It wasn't obvious from the documentation that overriding IdP is possible
in Apache conf.
By "support" I meant ability to route visitors to different IDPs
depending on which resource they're trying to access, and possibly apply
different attribute filtering and access policies. Resource-specific
settings answer that so far.
I am not really concerned about avoiding discovery. I suppose some
organizations may prefer us to deal with their discovery services, in
which case we'll route visitors to discovery instead of IDPs directly,
if possible.
>
>> Would that be multiple <SessionInitiator> entries with different paths ?
> You could, but that's a lot more work.
More information about the users
mailing list