Is it possible for an IdP to service multiple SPs without SSO between SPs?

Raymond Gardner r.gardner at ntta.com
Tue Aug 16 19:33:38 EDT 2016


I have a Shibboleth IdP 3.2.1 environment currently configured to support two different SPs, as:

SP1 -> IdP1 -> Password Auth flow -> SP1 -> App1
SP2 -> IdP1 -> CustomPassword Auth flow -> SP2 -> App2

But right now, when I login for SP1 to access App1, I'm then able to immediately access App2 without login, and vice versa.
Is it possible to configure Shibboleth to keep these two authentication contexts separate?

At some point I'll add support for an App3 and I will want SSO between App2 and App3.  But, App1 is a stand-alone app.
App3 may have a different authentication flow, not sure at the moment.

________________________________
This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. NTT America makes no warranty that this email is error or virus free. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160816/6d3670e5/attachment.html>


More information about the users mailing list