ShibbolethSP+ADFS and vhosts

[Cantor, Scott]

There's no way in SAML to do username hinting, but that notwithstanding, all that stuff about vhosts implies you're trying to avoid defining an SP entityID uniquely for each vhost, and so you should do that (and in most cases you ought to do it anyway, this issue notwithstanding, since they're generally not the same service).

Whether ADFS supports identifying the ACS endpoint at runtime in an IdP-initiated request I wouldn't know. Shibboleth does (that's the shire parameter).

-- Scott