Auto-detect and forward to IDP?

Jason B. Rappaport jasonrap at
Thu Dec 12 08:30:02 EST 2019

Hello Shibboleth community!  


We are trying to figure out if the following is possible behavior by an SP.



We run our PeopleSoft environment behind a web proxy that handles
authentication via Shibboleth SP and communicates to our production
Shibboleth IDP.  When one logs into PeopleSoft, a primary page loads (site
A) that contains (for lack of a better descriptor) includes from other sites
(sites B and C).  Sites B and C are protected by our Shibboleth SP, so for
the content to load it hits our Shibboleth IDP seamlessly and the content
loads without anyone knowing that three assertions occurred (sites A, B, and
C).  This behavior works great today. 


Is this possible?

What we would like to do on initial login is have the SP present two IDP to
select from; i.e. a chooser.  The user would then select, and the SP would
send them to the appropriate IDP and the behavior described above would
proceed.  The issue we are running into, is when sites B and C load, is they
are going to the chooser and not loading the content as described above when
we have a single IDP in the mix. So the question is, is it possible for the
SP to detect what IDP was selected initially so that all subsequent requests
from site B and C are directed to the IDP selected?  If this is possible
how?  If this is not possible, is there a another alternative we should be



Thanks, Jay 


Jason Rappaport

Identity and Access Management Analyst

Office of Information Technology

Email:   <mailto:jasonrap at> jasonrap at 

Office:  609-258-8464


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5653 bytes
Desc: not available
URL: <>

More information about the users mailing list