Passing application context from IdP back to SP

Andrei Remenchuk andrei144 at
Tue Nov 27 22:27:42 EST 2012

On 11/27/2012 9:46 PM, Cantor, Scott wrote:
>> So then how do I support multiple different IdPs for different
>> sub-resources without overrides ?
> Define "support".
> If you're asking how you avoid discovery, try "ShibRequestSetting entityID idpname".
Thanks. I tried that and it works.
It wasn't obvious from the documentation that overriding IdP is possible 
in Apache conf.

By "support" I meant ability to route visitors to different IDPs 
depending on which resource they're trying to access, and possibly apply 
different attribute filtering and access policies. Resource-specific 
settings answer that so far.
I am not really concerned about avoiding discovery. I suppose some 
organizations may prefer us to deal with their discovery services, in 
which case we'll route visitors to discovery instead of IDPs directly, 
if possible.

>> Would that be multiple <SessionInitiator>  entries with different paths ?
> You could, but that's a lot more work.

More information about the users mailing list