How can an SP send extra information to the IdP

Tom Scavo trscavo at internet2.edu
Fri Jan 8 07:51:04 EST 2016


On Fri, Jan 8, 2016 at 4:43 AM, Bogdan Albei <bogdan.albei at callsign.com> wrote:
>
> We are an IdP that integrates with various SPs on behalf of our customers.
> Let's say we have customer A and customer B that both want us to act as an
> IdP and provide authentication for Office 365. The problem is when we
> receive a SAML request from Office 365(the SP). At that point we need to
> know if that request is made on behalf of customer A or customer B. How
> could the SP send that extra information?

The SAML AuthnRequest contains the globally unique entityID of the SP
making the request (or more accurately, the SP wishing a response). So
no "extra information" is needed.

Tom


More information about the users mailing list