Forwarding to IDPs based on email domain of user
Sean Flannery
sean.flannery at wundermanthompson.com
Sat Aug 14 02:16:59 UTC 2021
Hey Peter,
Thanks for the response.
Yes, we thought / assumed the user would have to enter their email address first, for the system to know which IDP to use. Our users would be fine with this as the vendor services we use already implement this kind of flow (they have to enter email, to get the right login screen).
So we thought (perhaps naively), that our SP could point to this one IDP that performs this function- it asks the email of the user and then either performs LDAP auth on the user or forwards them to the upstream IDP if their domain is supported by it.
...I think I understand what you are saying with the entityIDs and discovery services but my understanding is that those services allow the user to select the IDP, where we want this to be a silent, background choice the system makes; it routes you to the correct IDP based on the email domain you entered.
Thanks again
________________________________
From: users <users-bounces at shibboleth.net> on behalf of Peter Schober <peter.schober at univie.ac.at>
Sent: Friday, August 13, 2021 6:17 PM
To: users at shibboleth.net <users at shibboleth.net>
Subject: Re: Forwarding to IDPs based on email domain of user
Original Message Attached ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd
Original Message Attached
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210814/4eee65af/attachment.htm>
More information about the users
mailing list