I'm new to WSO2 Identity Server and SSO. My requirement is to establish a boundary of trust around two portals, each having its own dedicated user store, identity provider and service provider. A user can choose which identity provider to authenticate with, and be automatically authenticated with the other identity provider as well. Each identity provider can have multiple registered tenants. I'm following:
- https://docs.wso2.com/display/IS500/Connecting+Two+Identity+Servers+with+SAML+SSO
- https://docs.wso2.com/display/IS500/Adding+a+Service+Provider+and+Identity+Provider+Using+Configuration+Files
WSO2 Identity Server instance #1: For portal 1 I have configured a resident identity provider and an external identity provider (WSO2 Identity Server instance #2). It also has a service provider configured for the application in portal 1 and has a custom user store manager, using a user store in an application on portal 1. It has a second service provider configured referring to WSO2 Identity Server instance #2.
WSO2 Identity Server instance #2: For portal 2 I have configured a resident identity provider and an external identity provider (WSO2 Identity Server instance #1). It also has a service provider configured for the application in portal 2 and has a custom user store manager, using a user store in an application on portal 2. It has a second service provider configured referring to WSO2 Identity Server instance #1.
I don't understand, if a portal 2 user opens portal 1 and chooses to authenticate with, say, the identity provider in WSO2 Identity Server instance #2, how the service provider in WSO2 Identity Server instance #1 can:
- observe that successful login
- identify which identity provider the successful login originated from
- add authentication cookie information for a user logged in via the external identity provider, so that the user is also authenticated on this system
Does anyone know good solutions to these problems or could direct me to good reading resources that explain?