0 votes

We have a SAAS model web application that is used to serve multiple customers. A few of these customers have their own SAML 2.0 Identity Providers against which they want their users to get authenticated.

How can I create a service provider for my web application in which I can configure these multiple Identity providers and redirect the user to their respective login page based on the URL and redirect them back after successful authentication?

Can someone please guide me on this? So far what I have done is install the Shibboleth service provider on each of my servers and use that one server to serve only 1 customer who requires authentication using their Identity Provider, but this will not work with a SAAS-based model application.

Varun

1 Answer

0 votes

What you're looking for is something known as a discovery service. This enables the user to select the identity provider appropriate for them so that the SP can send them there to authenticate.

There's a page on the Shibboleth wiki describing this concept: IDPDiscovery

The Shibboleth SP ships with a discovery service known as the EDS that you can deploy locally: EDS

You could also build one as a static web page, or use a central discovery service provided by someone else if, for example, you're part of a federation that provides one.
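Added example (not from the question, the answer, or the Shibboleth project): a minimal model of the URL-based routing the question asks for, where each tenant hostname is pinned to one IdP, the SP builds an HTTP-Redirect AuthnRequest for that IdP, and the ACS side checks that the responding IdP is the one pinned to the tenant. All hostnames, IdP URLs and the SP entityID are constructed placeholders; a real SP (Shibboleth or a SAML library) must still validate signatures, conditions and InResponseTo, which this sketch omits.

```python
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed tenant registry (hypothetical hosts and IdPs): each customer
# hostname is pinned to exactly one IdP, so the URL itself does the "discovery".
TENANT_IDPS = {
    "acme.example-saas.test": {"entity_id": "https://idp.acme.test/saml",
                               "sso_url": "https://idp.acme.test/saml/sso"},
    "globex.example-saas.test": {"entity_id": "https://idp.globex.test/idp",
                                 "sso_url": "https://idp.globex.test/idp/sso"},
}
SP_ENTITY_ID = "https://example-saas.test/sp"  # hypothetical SP entityID

def idp_for_host(host: str) -> dict:
    """Resolve the tenant's IdP from the request Host; unknown hosts are rejected."""
    try:
        return TENANT_IDPS[host.lower().split(":")[0]]
    except KeyError:
        raise ValueError(f"no IdP configured for host {host!r}") from None

def build_redirect_url(host: str, acs_url: str) -> tuple:
    """Return (request ID, HTTP-Redirect binding URL) sending the user to their IdP."""
    idp = idp_for_host(host)
    request_id = "_" + uuid.uuid4().hex
    issued = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    authn_request = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issued}" '
        f'Destination="{idp["sso_url"]}" AssertionConsumerServiceURL="{acs_url}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )
    # HTTP-Redirect binding: raw DEFLATE (no zlib header/trailer), base64, URL-encode.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(authn_request.encode()) + comp.flush()
    encoded = base64.b64encode(deflated).decode()
    return request_id, idp["sso_url"] + "?" + urlencode({"SAMLRequest": encoded})

def decode_saml_request(redirect_url: str) -> str:
    """What the IdP does on receipt: pull SAMLRequest from the URL and inflate it."""
    encoded = parse_qs(urlparse(redirect_url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(encoded), -15).decode()

def issuer_matches_tenant(host: str, response_issuer: str) -> bool:
    """At the ACS, accept a response only if its Issuer is the IdP pinned to this tenant."""
    return idp_for_host(host)["entity_id"] == response_issuer
```

The issuer check is the multi-tenant detail that matters: without it, a valid assertion from customer A's IdP could be replayed against customer B's hostname.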