Multiple IDP but single login challenge
Peter Schober
peter.schober at univie.ac.at
Fri May 10 06:17:53 EDT 2019
* pallavi.tambe <pallavi.tambe.ext at siemens.com> [2019-05-10 12:09]:
> Basically we have 2 different applications which have their individual IDPs.
> Say we have *App1* with IDP1 and *App2* with IDP2. And now we want to
> integrate these 2 applications, that is why we have kept similar users in
> their databases. (Just the usernames are the same).
There's nothing here that explains why you need 2 IDPs.
Just point all the applications (SAML SPs) you have to one IDP and
you're done.
> So now the use case is: we launch the login screen for App1, it redirects to IDP1,
> the user logs in. Now we want to redirect to App2 to get some data, but now we
> don't want to throw the login challenge this time.
Then point it at the IDP the subject already has an SSO session with (IDP1).
> SP configured for App2 should approve the assertions from IDP1.
Then why point the SP for App2 to IDP2?
-peter