using something other than entityID to identify SP to IdP

Cantor, Scott cantor.2 at
Wed Dec 16 14:16:29 EST 2015

On 12/16/15, 1:56 PM, "users on behalf of Liam Hoekenga" <users-bounces at on behalf of liamr at> wrote:

>We've got a vendor who use the same entityID and ACS across several, unrelated instances of their SP.  Each of these instances has it's own hostname, from which the authn request originates.  We were trying to figure out of theres anything available
> in the IdP 3.x contexts that could be used to identify specific instances.
>I don't see anything in the authn request, and referrer isn't exactly reliable / trustworthy.

Nothing, by design. It's fine to group things under one entityID, but once you do that, you are explicitly telling an IdP not to treat them differently.

-- Scott

More information about the users mailing list