2
votes

I've deployed 1 web application (WAR) to Tomcat behind context root /myApp.

The application is exposed to the public by means of 2 public HTTPS URLs:

Both these public requests arrive in that same application (/myApp).

Now I need this web application to support 2 SAML service providers. Both will use the same IDP.

  • How should I configure Spring SAML in order for this application to support two SPs, one for the first URL, and one for the second?
  • What ACS location URLs should I put in my service provider XML?
  • Do I need multiple SP XML files and/or do I need to define extended service provider metadata to get this working?
  • Do I need a Spring SAML multi-tenant setup to get this working, and if so, what is the relationship between the entityId and the URL? Or can all this be achieved in a different way without a multi-tenant setup?

Could somebody provide some sample XML metadata and Spring SAML config that demonstrates how the above could be achieved?

Kr,

EDH

1 Answer

-1
votes

You'll need to generate SP metadata for each of the instances separately, and add it to the metadata manager. The URLs will be a.this.that in the first one, and b.this.that in the other. You also need to set the entity alias to differentiate the two instances. See the manual for more details.
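
The setup this answer describes, written out as Spring SAML bean configuration. This is an added example, not part of the original answer or the project's own sample; the aliases `spA`/`spB`, the entity ID, the metadata file names and the key alias `spKey` are assumptions, and a `parserPool` bean is assumed to be defined elsewhere in the context.

```xml
<!-- Added example: two local SP entities registered in one metadata manager. -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
  <constructor-arg>
    <list>
      <!-- SP for a.this.that: endpoint Locations in sp-a.xml end in /alias/spA
           (e.g. .../saml/SSO/alias/spA) so requests resolve to this entity. -->
      <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
        <constructor-arg>
          <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
            <constructor-arg><bean class="java.util.Timer"/></constructor-arg>
            <constructor-arg>
              <bean class="org.opensaml.util.resource.ClasspathResource">
                <constructor-arg value="/metadata/sp-a.xml"/> <!-- assumed file name -->
              </bean>
            </constructor-arg>
            <property name="parserPool" ref="parserPool"/>
          </bean>
        </constructor-arg>
        <constructor-arg>
          <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
            <property name="local" value="true"/>       <!-- marks a hosted SP -->
            <property name="alias" value="spA"/>        <!-- assumed alias -->
            <property name="signingKey" value="spKey"/> <!-- assumed key alias -->
          </bean>
        </constructor-arg>
      </bean>
      <!-- SP for b.this.that: same structure, separate metadata file and alias. -->
      <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
        <constructor-arg>
          <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
            <constructor-arg><bean class="java.util.Timer"/></constructor-arg>
            <constructor-arg>
              <bean class="org.opensaml.util.resource.ClasspathResource">
                <constructor-arg value="/metadata/sp-b.xml"/>
              </bean>
            </constructor-arg>
            <property name="parserPool" ref="parserPool"/>
          </bean>
        </constructor-arg>
        <constructor-arg>
          <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
            <property name="local" value="true"/>
            <property name="alias" value="spB"/>
            <property name="signingKey" value="spKey"/>
          </bean>
        </constructor-arg>
      </bean>
      <!-- The shared IdP's metadata provider is added to this list as well. -->
    </list>
  </constructor-arg>
  <!-- Entity used when a request URL carries no alias (assumed entity ID). -->
  <property name="hostedSPName" value="urn:example:sp-a"/>
</bean>
```

Each SP metadata file needs its own `entityID`, and every endpoint `Location` in it should use that SP's public hostname plus its `/alias/...` suffix, so the IdP posts responses to a URL that identifies the correct local entity.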