Additional Entity in IIS
Cantor, Scott
cantor.2 at osu.edu
Wed Nov 16 19:03:36 UTC 2022
Creating a content grouping with a different entityID does not require an override, but your goal isn't that, but to create a session boundary.
Using an override (with the same entityID frankly) will partition the session cache and transiting the boundary between applications will ignore any session not created by and associated with the overridden application ID.
If it's not heading back to the IdP, it's not using the override.
Of course, SSO is SSO. The only control an SP has over the IdP experience re: the UI is the ForceAuthn flag, which often won't do what you want anyway, but absent that there's nothing you can do to limit SSO.
-- Scott
More information about the users
mailing list