Multiple IDP but single login challenge
Peter Schober
peter.schober at univie.ac.at
Fri May 10 05:34:03 EDT 2019
* pallavi.tambe <pallavi.tambe.ext at siemens.com> [2019-05-10 09:42]:
> I have a scenario, where I have 2 IDPs (IDP1 and IDP2), the user database is
> in sync. So if user is logged in using IDP1, and I am in the same browser my
> SP2 should be able to use the assertions from IDP1 and should not show login
> challenge for IDP2.
Why would an SP prompt you for authentication at more than one IDP?
I.e., if you're logged in using IDP1 why would anything ask to log in
at IDP2, too?
Other than that: Two IDPS serving the exact same population (same user
database or same content in several user databases) why would you have
2 IDPs for that to begin with?
(A HA cluster would only have one entityID -- one logical IDP -- no
matter how many phyisical nodes are running the software. Maybe that's
what you're after?)
"If It Hurts, Stop Doing It."?
Best regards,
-peter
More information about the users
mailing list