Shibboleth SP to point to multiple idP

StackOverflow https://stackoverflow.com/questions/21858019

Question

I have SP installed on a machine. I need to have it configured to multiple idP depending upon the url.

Ex. We have two hosts one.myorg.com and two.myorg.com both point to same module/machine - so same SP.

Now I need my sp configured as if one.myorg.com/secure is hit SP should go to https://testshib.com/idp for authentication and else two.myorg.com/secure is hit SP should go to https://myown.idp.com idp.

EDIT: It should not ask to choose the idP.

Was it helpful?

Solution

In case this is still actual, you can find some hints here: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPDiscovery. on the Shibboleth Wiki here.

The key idea is to provide a entityID to the IdP in question in a manually crafted login request to the SP login module, like

https://sp.testshib.org/Shibboleth.sso/TestShib?entityID=https%3A%2F%2Fidp.testshib.org%2Fidp%2Fshibboleth

where entityID=... is the url-encoded entityID of the IdP in question.

The documentation of this parameter can be found on the Shibboleth Wiki in the "Advanced configuration" section.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top