Serving multiple IDP from ApplicationOverride SP setup

Cantor, Scott cantor.2 at osu.edu
Tue Sep 16 16:49:59 EDT 2014


On 9/16/14, 4:39 PM, "Zico" <mailzico at gmail.com> wrote:
>
>I am just curious if it is possible to connect multiple IDP's entityID
>from one Shib SP instance?

The proper way to support multiple IdPs is with a discovery interface.
Anything else is a cop-out that prevents actual federated access to a
single set of resources, which is almost always a use case even when SPs
are convinced they know better. There are "single organization" federation
use cases in which there will still be multiple IdPs, so there is never a
valid assumption that only a single IdP per resource is appropriate. It's
a simplification that creates a limitation.

>Now, I want:
>1.  "testsp.test.com/ext1 <http://testsp.test.com/ext1>" to move for
>"testIDP1.test.com <http://testIDP1.test.com>"
>2.  "testsp.test.com/ext2 <http://testsp.test.com/ext2>" to move for
>"testIDP2.test.com <http://testIDP2.test.com>"
>3.  "testsp.test.com/ext3 <http://testsp.test.com/ext3>" to move for
>"testIDP3.test.com <http://testIDP3.test.com>"
>
>Is it possible?

Yes, you set an entityID content setting on those three directories/paths.
You just shouldn't do it.

>I am not going to implement this in any production environment but I am
>just playing here... so, just asking. :-)

It's extremely common to do all of that in production, which is why I'm
noting that it's not a good decision, just a very typical one.

-- Scott
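As an added illustration (not part of the thread, and not Shibboleth's shipped configuration), the shibboleth2.xml fragment below shows the per-path entityID content setting Scott describes next to the discovery-based SSO setup he recommends instead. The IdP entityID URIs, the SP entityID and the discovery service URL are assumed values, since the thread gives only hostnames.

```xml
<!-- Constructed example for the Shibboleth SP (2.4+) shibboleth2.xml.
     Not from the thread; all URIs below are assumed placeholders. -->

<!-- Per-path content settings for the single vhost testsp.test.com. -->
<RequestMapper type="Native">
  <RequestMap applicationId="default">
    <Host name="testsp.test.com" authType="shibboleth" requireSession="true">

      <!-- Option A: the "entityID content setting" from the reply.
           Each directory is hardwired to exactly one IdP, so a user
           from any other IdP in the federation can never reach it. -->
      <Path name="ext1" entityID="https://testIDP1.test.com/idp/shibboleth"/>
      <Path name="ext2" entityID="https://testIDP2.test.com/idp/shibboleth"/>
      <Path name="ext3" entityID="https://testIDP3.test.com/idp/shibboleth"/>

      <!-- Option B: no entityID on the path. The SSO element below
           sends the user to a discovery service, so any IdP whose
           metadata the SP trusts can be chosen. -->
      <Path name="ext4"/>

    </Host>
  </RequestMap>
</RequestMapper>

<ApplicationDefaults entityID="https://testsp.test.com/shibboleth">
  <Sessions lifetime="28800" timeout="3600" checkAddress="false"
            handlerURL="/Shibboleth.sso" handlerSSL="true" cookieProps="https">

    <!-- No entityID attribute here: discovery is the default for every
         path that does not override it. The discoveryURL is assumed. -->
    <SSO discoveryProtocol="SAMLDS"
         discoveryURL="https://ds.example.org/DS/WAYF">
      SAML2 SAML1
    </SSO>

    <Logout>SAML2 Local</Logout>
    <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
    <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
    <Handler type="Session" Location="/Session" showAttributeValues="false"/>
  </Sessions>

  <!-- Only IdPs present in trusted metadata are ever accepted, whichever
       option is used; a Path entityID that is absent from metadata simply
       fails at session initiation. -->
  <MetadataProvider type="XML" file="federation-metadata.xml"
                    reloadInterval="7200"/>
</ApplicationDefaults>
```

Setting entityID on a Path wins over the SSO element's discovery settings for that path only, which is why the three pinned directories and the discovery-enabled one can coexist in a single SP instance.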
