using something other than entityID to identify SP to IdP
cantor.2 at osu.edu
Wed Dec 16 14:16:29 EST 2015
On 12/16/15, 1:56 PM, "users on behalf of Liam Hoekenga" <users-bounces at shibboleth.net on behalf of liamr at umich.edu> wrote:
>We've got a vendor who use the same entityID and ACS across several, unrelated instances of their SP. Each of these instances has it's own hostname, from which the authn request originates. We were trying to figure out of theres anything available
> in the IdP 3.x contexts that could be used to identify specific instances.
>I don't see anything in the authn request, and referrer isn't exactly reliable / trustworthy.
Nothing, by design. It's fine to group things under one entityID, but once you do that, you are explicitly telling an IdP not to treat them differently.
More information about the users