Multiple IDP but single login challenge

Peter Schober peter.schober at
Fri May 10 06:17:53 EDT 2019

* pallavi.tambe <pallavi.tambe.ext at> [2019-05-10 12:09]:
> Basically we have 2 different applications which have their individual IDPs. 
> Say we have *App1* with IDP1 and *App2 *with IDP2. And now we want to
> integrate these 2 applications, that is why we have kept similar users in
> their databases. (Just the usernames are same).

There's nothing here that explains why you need 2 IDPs.
Just point all the applications (SAML SPs) you have to one IDP and
you're done.

> So now usecase is we launch the login screen for App1 it redirects to IDP1,
> user logs in . Now we want to redirect to App2 to get some data,  but now we
> don't want to throw the login challenge this time.

Then point it at the IDP the subject already has an SSO session with (IDP1).

> SP configured for App2 should approve the assertions from IDP1. 

Then why point the SP for App2 to IDP2?


More information about the users mailing list