0
votes

I need to enable SSO in my application and in one more application. Both applications are multi-tenant applications (to log in, a user must provide user name, password and tenant name).

Every tenant will have its own directory in the identity provider or use a different IDP.

Does it make sense to authenticate the user on identity provider using tenant name beside user name and password?

Is there an IDP solution capable of providing this service? (3-parameter login)

1
What is this tenant in practice? Is it like what department the user is in? - Stefan Rasmusson
In practice, a tenant is a different customer. en.wikipedia.org/wiki/Multitenancy - mikipero

1 Answer

0
votes

I would think many of the IDPs out there can be made to take in three parameters. If you are using the common SAML Web SSO spec, I don't see any problem in using SAML.

As an example OpenAM is quite customizable, free and supports SAML.

This is probably of help: https://wikis.forgerock.org/confluence/display/openam/Write+a+custom+authentication+module
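One possible way to treat the tenant name in the setup the question describes, as an added example that is not part of the answer above and not OpenAM code: the tenant name only selects which IdP handles the login, and the returned assertion is then bound to that tenant. The tenant names, entity IDs, URLs and function names are constructed assumptions, and signature validation of the assertion is assumed to have happened before `bind_assertion` is called.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TenantIdp:
    entity_id: str  # issuer value this tenant's IdP places in its assertions
    sso_url: str    # endpoint the login request for this tenant is sent to

# Constructed registry: one entry per customer, each with its own IdP or directory.
TENANTS = {
    "acme": TenantIdp("https://idp.acme.example/saml", "https://idp.acme.example/sso"),
    "globex": TenantIdp("https://idp.globex.example/saml", "https://idp.globex.example/sso"),
}

SP_ENTITY_ID = "https://app.example/sp"  # assumed identifier of the application


class SsoError(Exception):
    """Raised when a login cannot be tied to exactly one tenant."""


def normalize(tenant_name: str) -> str:
    return tenant_name.strip().lower()


def resolve_tenant(tenant_name: str) -> TenantIdp:
    """Step 1: the tenant name is a routing key, not a credential."""
    idp = TENANTS.get(normalize(tenant_name))
    if idp is None:
        raise SsoError("unknown tenant")
    return idp


def bind_assertion(expected_tenant: str, issuer: str, audience: str, subject: str):
    """Step 2: tie an already signature-checked assertion to the tenant picked
    in step 1, so one tenant's IdP cannot vouch for another tenant's users."""
    idp = resolve_tenant(expected_tenant)
    if issuer != idp.entity_id:
        raise SsoError("issuer does not belong to this tenant")
    if audience != SP_ENTITY_ID:
        raise SsoError("assertion was issued for a different service provider")
    # Inside the application a user is always the (tenant, subject) pair,
    # because the same user name may exist in several tenant directories.
    return (normalize(expected_tenant), subject)
```

The `expected_tenant` value should come from server-side session state recorded when the login was started, not from a field the browser sends back together with the assertion.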