Question about multiple idps

Shawn Biesan 2perdo at
Mon Jul 9 12:04:54 EDT 2018

Hey, I'm fairly new to shibboleth and had some questions

So currently we have a shibboleth IDP that works. We have 3-5 Service
Providers that hit our shibboleth IDP.

Sometime in the future there will be an outside group with their own IDP
that we want to auth into our existing infrastructure.

I'd really like for the users of the external system to be able to SSO into
our system from theirs. Ignoring the problem of syncing users between the
two IDPs how can I structure this all? From this perspective is there a way
I can treat our IDP as a Service Provider from the external client's
perspective so all the existing SPs just work? Should the 3-5 existing SPs
just trust both IDPs?

Most of my struggles is not understanding the terminology of what I'm
trying to do so it's tough for me to figure out how to find it in the docs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list