Can you run multiple instances of Shibboleth for SP?

Nate Klingenstein ndk at signet.id
Mon Jul 1 01:51:57 EDT 2019 

Chad,

Yes, you can use an arbitrary number of SP's at an IdP.  The configuration will be old-school if you don't want to use a discovery interface, but it's certainly possible.

https://wiki.shibboleth.net/confluence/display/EDS10/Embedded+Discovery+Service
https://wiki.shibboleth.net/confluence/display/SP3/SessionInitiator

To expound on the multiple domain aspect as an aside, it depends entirely on whether you will be running these two domains as virtual hosts on a single server (farm) or as independent domains.  In the former case, you would install Shibboleth on each node and configure it for the appropriate domains, preferably with a scripting mechanism like Puppet or Docker.   In the latter case, they would be treated as entirely separate environments.  But regardless, it's largely orthogonal: to the IdP, these are just SP's, and some load more than 5000 of them.

Take care,
Nate.
 
-----Original message-----
> From: chad phillips
> Sent: Sunday, June 30 2019, 11:18 pm
> To: users at shibboleth.net
> Subject: Re: Can you run multiple instances of Shibboleth for SP?
> 
> Thank you for the reply. I should have been clearer with my question :)
> 
> My setup is
> DomainA.com with SP A (using Shiboleth).  The IDP is Salesforce.
> DomainB.com with SP B (using Shiboleth). The IDP is Azure.
> 
> I already have setup DomainA.com with SP A (using Shiboleth).  The IDP
> is Salesforce.
> 
> So my question is can I use the same instance of Shiboleth for
> DomainB.com, SP B, but it will be using a different IDP.
> 
> From Scott's reply, I believe what I want to do is possibl.  Is this
> what I need to be looking at?
> https://wiki.shibboleth.net/confluence/display/SP3/ApplicationOverride#ApplicationOverride-MetadataforaNewSP
> 
> thanks
> 
> 
> > From: Les LaCroix <llacroix at carleton.edu>
> > To: Shib Users <users at shibboleth.net>
> > Subject: Re: Can you run multiple instances of Shibboleth for SP?
> > Message-ID:
> >         <CA+0uUd-Fqn1_RVyaaDBikyoVscc-nJkOCOUO2jtGBj+MG9Cc3Q at mail.gmail.com>
> > Content-Type: text/plain; charset="utf-8"
> >
> > >
> > > You cannot run multiple instances, nor is that necessary for anything
> > > you're asking about.
> >
> >
> > I interpreted the question differently, with the focus being on whether or
> > not one linux server could run independent IdPs.  I've run multiple IdPs
> > behind one httpd, so I expected the answer was "yes".  :-)  I don't see why
> > one cannot host separate IdPs for RoboSquirrels.biz and ThreeWalnuts.org on
> > the same linux server as virtual hosts behind an Apache httpd.
> >
> > In our case, the IdPs were separate development instances of the same
> > production service, so none of them were production.  Maybe something would
> > have broken under load?  I can't think of what it would be.  Anyway, all of
> > the IdPs were in separate installation directories
> > (/home/<user>/shibboleth-idp/), but I expect it would behave the same if
> > they were installed in /opt/shibboleth-idp/robosquirrels/ and
> > ../threewalnuts/.
> >
> > It begs the question of whether or not that's really what you need or want
> > to do, though.  Good luck!  -Les
> -- 
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>

More information about the users mailing list