Multiple IDP but single login challenge

Losen, Stephen C (scl) scl at
Fri May 10 06:32:11 EDT 2019

Hi Pallavi,

It sounds like what you really need is a single IDP and a single user database.  You probably need to maintain some new attributes in the user database, such as group membership, or entitlements, etc., to control which users have access to each SP.

Steve Losen
ITS - Enterprise Infrastructure
University of Virginia
scl at    434-924-0640

-----Original Message-----
From: users <users-bounces at> On Behalf Of pallavi.tambe
Sent: Friday, May 10, 2019 6:09 AM
To: users at
Subject: Re: Multiple IDP but single login challenge

Hi Peter,

Thank you for taking the time to answer my questions.

Basically we have 2 different applications which have their individual IDPs. 
Say we have *App1* with IDP1 and *App2* with IDP2. And now we want to integrate these 2 applications, that is why we have kept similar users in their databases. (Just the usernames are the same.)

So now the use case is: we launch the login screen for App1, it redirects to IDP1, and the user logs in. Now we want to redirect to App2 to get some data, but now we don't want to throw the login challenge this time.

SP configured for App2 should approve the assertions from IDP1. 

