We're trying to set up a fairly complicated(?) scenario that looks like this. We have a web application which can be accessed through multiple URLs (customer1.product.com / customer2.product.com etc). This is all hosted in 1 website on IIS which has multiple host headers set up.
The URL entered is then used to identify which customer environment the user is accessing.
We now have 2 customers that both want to use SAML SSO. To make this work in the same site we started with defining an IDPSelectionEventHandler as outlined in section 5.5.3 in the docs. In our event we look at the URL to determine the customer and from that we choose an idpendpoint.
So far so good, but we're now stuck at the ServiceProvider tag in the web.config where we can only add one server "customer1.product.com". We would like to be able to add multiple URLs here, one for each of our customers that uses SAML.
Is it possible to accomplish this in any way? Grateful for any help!
I do think I understand your scenario but I'm not completely sure about the implications. The easiest from my point of view would be to go with 2 distinct instances of OIOSAML, one for each "customer-site", since that'll match the normal scenario with one IdP per SP-site. Since you're in a login scenario you'll need HTTPS and hence separate IP addresses per site. I don't think this would add much more maintenance, as you already have to deploy two distinct sets of metadata (since the destination URLs will be different) and address different IdPs.
You could try and implement some kind of separate security/SAML gateway to handle all authentication for the different customer-sites, but it seems to require some coding/testing since you want it to be automatic depending on what customer-site (read URL) is requested.
Maybe someone else has an idea?
Anyhow, I would like to hear what you end up doing, and how, if you don't choose the trivial deployment.
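
The per-host selection discussed in this thread, sketched as an added example that is not part of either post and is not OIOSAML.NET code. All type names, method names and entity IDs are hypothetical; the point is that the Host header is client-supplied, so it is matched against a fixed allow-list and the response Issuer is checked against the IdP bound to that host.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical names throughout; this is not the OIOSAML.NET API.
public sealed class Tenant
{
    public string SpEntityId { get; }
    public string IdpEntityId { get; }
    public Tenant(string spEntityId, string idpEntityId)
    {
        SpEntityId = spEntityId;
        IdpEntityId = idpEntityId;
    }
}

public static class TenantResolver
{
    // Constructed sample data: one entry per host header bound in IIS.
    private static readonly Dictionary<string, Tenant> ByHost =
        new Dictionary<string, Tenant>(StringComparer.OrdinalIgnoreCase)
        {
            ["customer1.product.com"] = new Tenant("https://customer1.product.com", "https://idp.customer1.example"),
            ["customer2.product.com"] = new Tenant("https://customer2.product.com", "https://idp.customer2.example"),
        };

    // Strip port and trailing dot, then accept only exact allow-list
    // matches. Unknown hosts get no tenant; there is no default.
    public static Tenant Resolve(string hostHeader)
    {
        if (string.IsNullOrWhiteSpace(hostHeader)) return null;
        string host = hostHeader.Trim();
        int colon = host.LastIndexOf(':');
        if (colon >= 0) host = host.Substring(0, colon);
        host = host.TrimEnd('.');
        return ByHost.TryGetValue(host, out Tenant t) ? t : null;
    }

    // Accept a SAML response only if its Issuer is the IdP bound to the
    // host it arrived on; otherwise customer1's IdP could assert a login
    // on customer2's site.
    public static bool IssuerAllowed(string hostHeader, string responseIssuer)
    {
        Tenant t = Resolve(hostHeader);
        return t != null && string.Equals(t.IdpEntityId, responseIssuer, StringComparison.Ordinal);
    }
}
```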