One IdP serving separate security (LDAP) domains

Cantor, Scott cantor.2 at osu.edu
Wed Apr 3 15:09:38 EDT 2013


On 4/3/13 2:57 PM, "Alan Angulo (live at edu admin)" <alan at live.esu.edu>
wrote:

>I'm trying to set up one IdP to serve 2 separate security domains (ex.
>DOMX.EDU and DOMY.EDU).

The software doesn't know about domains as a concept, so there's something
you mean by it that you'll have to be more explicit about.

>I followed the documentation for IdPMultipleLDAP
>(https://wiki.shibboleth.net/confluence/display/SHIB2/IdPMultipleLDAP)
>but that applies only to multiple LDAPs in the same security domain.

I don't think it has anything to say about the question. Skimming it, I
don't see how it would be any different apart from the details that will
be totally specific to any site's needs.

One issue I can think of that you might mean would be that usernames in
your two directories aren't unique. In that event, I would guess you
either have to require users to enter the domain as part of the username,
or you need two IdPs.

-- Scott



