Configure one SP for multiple IDP

Cantor, Scott cantor.2 at osu.edu
Thu May 12 11:02:34 EDT 2016


> I want to configure one SP for multiple IdPs. I know that it's already possible
> but I have a constraint, which is that the user shouldn't know that there are many IdPs.

That is, for the record, not a reasonable constraint in a federated world.

> In fact the SP has to recognise the right IdP by analysing the URL of the
> resource requested:

The specific selection of the IdP can be driven in the SP based on a content setting applied via Apache or the RequestMap, by providing the entityID setting naming the IdP to use.

That does not prevent any given IdP's assertion from being accepted for login to any resource, if the SP trusts it. It's assumed that you have authorization in place based on attributes.

-- Scott
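
An added example, not part of the original message: a RequestMap fragment for shibboleth2.xml that pins a different IdP per path with the entityID setting and pairs each path with an attribute-based rule, since the entityID setting only selects where the login request is sent. The host name, paths, entityIDs and affiliation values are constructed placeholders, and "affiliation" assumes the attribute id from the default attribute-map.xml.

```xml
<!-- Constructed example: one SP host, two paths, one IdP per path. -->
<RequestMapper type="Native">
  <RequestMap>
    <Host name="sp.example.org">

      <!-- /app-a: unauthenticated requests are sent straight to IdP A,
           so the user never sees a discovery page. -->
      <Path name="app-a" authType="shibboleth" requireSession="true"
            entityID="https://idp-a.example.org/idp/shibboleth">
        <!-- entityID does not restrict which trusted IdP's assertion is
             accepted for this path, so access is decided on attributes. -->
        <AccessControl>
          <Rule require="affiliation">member@a.example.org</Rule>
        </AccessControl>
      </Path>

      <!-- /app-b: same pattern, pinned to IdP B. -->
      <Path name="app-b" authType="shibboleth" requireSession="true"
            entityID="https://idp-b.example.org/idp/shibboleth">
        <AccessControl>
          <Rule require="affiliation">member@b.example.org</Rule>
        </AccessControl>
      </Path>

    </Host>
  </RequestMap>
</RequestMapper>
```

Without the AccessControl rules, a session established through IdP B for /app-b would also satisfy requireSession on /app-a, which is the behaviour the reply above describes.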



