0
votes

I am setting up my site as an identity provider and I need to give the third-party service provider (via an XML metadata file) what the "Single Sign-On Service URL" is to receive SAML authn requests. My issue is that this site has multiple environments -- site.dev.com, site.stage.com, and finally site.com for the production site. Is it possible to have all of these paths set up for the same identity provider? Since I am doing SP-initiated SSO, maybe the service provider knows the base path?

2 Answers

0
votes

I'm not sure how the SP would know the base path to your IdP's single sign-on service. If you have three different single sign-on service URLs for your three environments, the SP will have to know the absolute URL of each.

0
votes

If the environments are physically separate, you would have an entityID for each one. An entityID is just a URN for your IdP. Some examples could be:

site.dev.com entityID = https://site.dev.com/saml/sp
site.stage.com entityID = https://site.stage.com/saml/sp
site.com entityID = https://your.service.url/saml/sp

Each entityID would have its own SAML metadata document and you would give the SP each document. So the SP would know there are 3 IdPs and it would know the URLs for each one, from their corresponding metadata document.
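The per-environment metadata described in this answer, as an added example that is not part of the original post or answer. It builds a minimal IdP `EntityDescriptor` for each environment, reads the `SingleSignOnService` location back out the way an SP would after importing the document, and adds the IdP-side check that an incoming `AuthnRequest`'s `Destination` matches that environment's own SSO URL. The hostnames, the `/saml/idp` and `/saml/sso` paths, and the environment names are assumptions for illustration; the signing `KeyDescriptor` is omitted.

```python
"""
Build one SAML 2.0 IdP metadata document per environment and show how the SP
reads the SingleSignOnService endpoint back out of it. Hostnames, entityIDs and
paths below are hypothetical placeholders, not values from the original post.
"""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
SAML_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

ET.register_namespace("md", MD)

# Assumed per-environment IdP deployments (constructed for this example).
ENVIRONMENTS = {
    "dev": "https://site.dev.com",
    "stage": "https://site.stage.com",
    "prod": "https://site.com",
}


def build_idp_metadata(base_url: str) -> bytes:
    """Return a minimal IdP EntityDescriptor for one environment.

    Both the entityID and the SingleSignOnService Location derive from the
    environment's base URL, so each environment is a distinct IdP to the SP.
    A real document must also carry the IdP's signing certificate in a
    KeyDescriptor and should itself be signed or fetched over a trusted channel.
    """
    entity_id = f"{base_url}/saml/idp"  # assumed path
    root = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": entity_id})
    idp = ET.SubElement(root, f"{{{MD}}}IDPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "WantAuthnRequestsSigned": "true",
    })
    for binding in (SAML_REDIRECT, SAML_POST):
        ET.SubElement(idp, f"{{{MD}}}SingleSignOnService", {
            "Binding": binding,
            "Location": f"{base_url}/saml/sso",  # assumed path
        })
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def parse_idp_metadata(doc: bytes) -> dict:
    """Extract what the SP needs: the entityID and the SSO URL per binding."""
    root = ET.fromstring(doc)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML metadata EntityDescriptor")
    sso = {}
    for svc in root.iter(f"{{{MD}}}SingleSignOnService"):
        sso[svc.get("Binding")] = svc.get("Location")
    return {"entityID": root.get("entityID"), "sso": sso}


def registry_from_environments(envs: dict) -> dict:
    """entityID -> parsed metadata, as the SP would hold after importing all docs."""
    registry = {}
    for base_url in envs.values():
        parsed = parse_idp_metadata(build_idp_metadata(base_url))
        registry[parsed["entityID"]] = parsed
    return registry


def check_authn_request_destination(metadata_doc: bytes, destination: str,
                                    binding: str = SAML_REDIRECT) -> bool:
    """IdP-side check: the AuthnRequest's Destination attribute must equal this
    environment's own SingleSignOnService Location for the binding in use, so a
    request built for dev is rejected if it arrives at prod (and vice versa)."""
    parsed = parse_idp_metadata(metadata_doc)
    return parsed["sso"].get(binding) == destination


if __name__ == "__main__":
    for name, base_url in ENVIRONMENTS.items():
        print(f"--- {name} ---")
        print(build_idp_metadata(base_url).decode())
```

Each environment's document is handed to the SP separately; the SP then has three IdP entries keyed by entityID and never has to guess a base path. The `Destination` check is the piece worth keeping on the IdP side: it ties each request to the exact endpoint published in that environment's metadata.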