Can you run multiple instances of Shibboleth for SP?
Nate Klingenstein
ndk at signet.id
Mon Jul 1 02:11:34 EDT 2019
Sorry, it's late here and I munged my answer. Mulligan.
> Yes, you can use an arbitrary number of IdP's at an SP. The configuration will be old-school if you don't want to use a discovery interface, but it's certainly possible.
>
> https://wiki.shibboleth.net/confluence/display/EDS10/Embedded+Discovery+Service
> https://wiki.shibboleth.net/confluence/display/SP3/SessionInitiator
You shouldn't need to use a SessionInitiator element; the SSO element along with passing in an entityID or requireSessionWith should suffice, depending on how you're architecting this.
https://wiki.shibboleth.net/confluence/display/SP3/SSO
https://wiki.shibboleth.net/confluence/display/SP3/ContentSettings
> To expound on the multiple domain aspect as an aside, it depends entirely on whether you will be running these two domains as virtual hosts on a single server (farm) or as independent domains. In the former case, you would install Shibboleth on each node and configure it for the appropriate domains, preferably with a scripting mechanism like Puppet or Docker. In the latter case, they would be treated as entirely separate environments. But regardless, it's largely orthogonal: to the SP, these are just IdP's, and some load more than 5000 of them.
More information about the users
mailing list