How to setup Shibboleth SP for a multi-tenant application

den at den at
Fri Feb 9 04:32:45 EST 2018

Hi gurus
I'm new to shibboleth and want to setup an SSO environment for testing SSO through SAML2 in a single SaaS application supporting multi tenants.

My SaaS application has ENTERPRISE_ID USER_ID and USER_PASS as needed parameters to login .

I now want to use Shibboleth-sp for supporting SAML2 based SSO , users of each ENTERPRISE_ID will have a corresponding IDP for authentication.

But my application has only one global URL, I want to know, whether I could add this SSO feature supporting multi tenant application (with only one server instance) by adding a virtual directory for each ENTERPRISE_ID in shibboleth2.xml, like the following:


<!-- To customize behavior, map hostnames and path components to applicationId and other settings. -->
    <RequestMapper type="Native">
        <RequestMap applicationId="default">

            <Host name="" authType="shibboleth" requireSession="true">
                <Path name="same-app_aliasA" applicationId="same-app_aliasA"/>
                <Path name="same-app_aliasB" applicationId="same-app_aliasB"/>
                <Path name="same-app_aliasC" applicationId="same-app_aliasC"/>



<ApplicationDefaults id="default" policyId="default"
        REMOTE_USER="eppn persistent-id targeted-id"


        <!-- Overrides for other-app -->
         <ApplicationOverride id="same-app_aliasA" entityID="">
             <Sessions lifetime="28800" timeout="3600" checkAddress="false"
                handlerURL="/aliasA/Shibboleth.sso" handlerSSL="false">
<ApplicationOverride id="same-app_aliasB" entityID="">
             <Sessions lifetime="28800" timeout="3600" checkAddress="false"
                handlerURL="/aliasB/Shibboleth.sso" handlerSSL="false">
<ApplicationOverride id="same-app_aliasC" entityID="">
             <Sessions lifetime="28800" timeout="3600" checkAddress="false"
                handlerURL="/aliasC/Shibboleth.sso" handlerSSL="false">


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list