Multiple IDP but single login challenge

Peter Schober peter.schober at
Fri May 10 05:34:03 EDT 2019

* pallavi.tambe <pallavi.tambe.ext at> [2019-05-10 09:42]:
> I have a scenario, where I have 2 IDPs (IDP1 and IDP2), the user database is
> in sync. So if user is logged in using IDP1, and I am in the same browser my
> SP2 should be able to use the assertions from IDP1 and should not show login
> challenge for IDP2.

Why would an SP prompt you for authentication at more than one IDP?
I.e., if you're logged in using IDP1 why would anything ask to log in
at IDP2, too?

Other than that: Two IDPS serving the exact same population (same user
database or same content in several user databases) why would you have
2 IDPs for that to begin with?

(A HA cluster would only have one entityID -- one logical IDP -- no
matter how many phyisical nodes are running the software. Maybe that's
what you're after?)

"If It Hurts, Stop Doing It."?

Best regards,

More information about the users mailing list