
I would like to set up SimpleSAMLphp so that when a user enters service provider 1, it uses an identity provider with an SQL authentication source that is located on the same server as the service provider, preferably with the IdP on the same server.

However, when a user enters service provider 2, I would like to use SP2's own separate authentication source. Would I be able to configure SP2 to use IdP1, which is on the same server as SP1, with a distinct authentication source used only by SP2? Or would I have to set up an IdP2 on the same server as SP2 and, in the web app that offers SP2, tell it to use IdP2 as the identity provider, with its own separate SQL auth?

Thanks for any help.

Masu
  • Your description is very confusing to me. Is there any relation between sp1 and sp2? Maybe you can elaborate on what it is that you are trying to accomplish? Your current description gives me the feeling that this is an XY problem. – jornane Jul 29 '14 at 15:20
  • Hey, sorry about that. I have two servers that are cross-domain. Each is a separate service provider (SP1 and SP2). On SP1, I have also set up that server to be an identity provider, IdP1. IdP1 uses sqlauth (auth1). Can IdP1 use one sqlauth when a client accesses SP1, and a different sqlauth (say auth2) when a client accesses SP2? – Masu Jul 29 '14 at 15:45
  • The reason I ask is that originally I have two separate servers that I want to use single sign-on. Each one has its own separate login/authentication method. I would like to set it up so that when a client accesses SP2, it uses its original authentication method that is already set up in its database, and when a client accesses SP1, it uses its original authentication method that is already set up in its database, and have it result in a single sign-on, but with different authentication sources. Like using a Gmail password to log in to Gmail, but being logged in to all Google accounts. – Masu Jul 29 '14 at 15:49
  • I mean, can you declare two different auth sources in saml20-idp-hosted.php, and have the auth source that is used depend on which service provider accesses the IdP? So SP1 contacts IdP1, IdP1 knows it is SP1 and uses auth1; SP2 contacts IdP1, knows that it is SP2 and uses auth2. Is that possible? Do I need to set up a different IdP, IdP2? – Masu Jul 30 '14 at 13:34
  • That would not give you SSO, right? If you log in from SP1, you go through IdP1, but when you later try to log in from SP2, you cannot re-use IdP1 and you have to log in to IdP2. – jornane Jul 30 '14 at 18:37
  • I mean for the initial login: if you log in through IdP1 into SP1, it uses auth1, and if you visit SP2, you're automatically logged in. But if you initially log in to SP2, it should use auth2. I just want to know if that's possible with the same IdP1. – Masu Jul 31 '14 at 02:15
  • This does not make sense to me. From your description, SP(X) should log in with IdP(X), unless IdP(Y) is already logged in, then IdP(Y) is fine. Then why make the distinction between different IdPs at all? – jornane Jul 31 '14 at 10:05
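For reference, the two SimpleSAMLphp files the thread names, filled in with two sqlauth sources and two hosted IdP entities. This is an added example, not configuration from the asker or from the SimpleSAMLphp project; the hostnames, DSNs, database credentials, key file names and the users/accounts table layout (a salt column and a SHA-256 hash) are assumptions. SimpleSAMLphp selects the hosted IdP entry whose 'host' matches the request hostname, so two IdP entities on one server need two hostnames pointing at the same installation.

```php
<?php
// --- config/authsources.php -------------------------------------------------
// One sqlauth source per application database. Both live in the single
// SimpleSAMLphp install on the SP1 server.
$config = [
    'auth1' => [
        'sqlauth:SQL',
        'dsn'      => 'mysql:host=localhost;dbname=app1',     // assumed
        'username' => 'ssp_ro',                                // assumed
        'password' => 'change-me',                             // assumed
        // sqlauth binds :username and :password from the login form.
        // Hashing is done inside the query so the table never holds a
        // cleartext password; the salt/pwhash columns are assumed.
        'query'    => 'SELECT username AS uid, email FROM users '
                    . 'WHERE username = :username '
                    . 'AND pwhash = SHA2(CONCAT(salt, :password), 256)',
    ],
    'auth2' => [
        'sqlauth:SQL',
        'dsn'      => 'mysql:host=db2.internal;dbname=app2',  // assumed
        'username' => 'ssp_ro',                                // assumed
        'password' => 'change-me',                             // assumed
        'query'    => 'SELECT login AS uid, mail AS email FROM accounts '
                    . 'WHERE login = :username '
                    . 'AND pwhash = SHA2(CONCAT(salt, :password), 256)',
    ],
];

// --- metadata/saml20-idp-hosted.php -----------------------------------------
// Each hosted IdP entity is bound to exactly one auth source via 'auth'.
// The array key is the entityID; 'host' must be distinct per entry.
$metadata['https://idp-a.example.org/saml2/idp/metadata.php'] = [
    'host'        => 'idp-a.example.org',   // assumed hostname for SP1's IdP
    'privatekey'  => 'idp-a.pem',           // assumed key file in cert/
    'certificate' => 'idp-a.crt',           // assumed cert file in cert/
    'auth'        => 'auth1',
];
$metadata['https://idp-b.example.org/saml2/idp/metadata.php'] = [
    'host'        => 'idp-b.example.org',   // assumed hostname for SP2's IdP
    'privatekey'  => 'idp-b.pem',           // assumed key file in cert/
    'certificate' => 'idp-b.crt',           // assumed cert file in cert/
    'auth'        => 'auth2',
];
```

The caveat jornane raises applies to this layout: a SimpleSAMLphp session records which auth source authenticated it, and an IdP entity configured with 'auth' => 'auth2' only honours a session established through auth2, so a user who logged in at idp-a via auth1 is prompted again at idp-b. The two entities share a server but not a login. The 'query' form also only works when the password scheme can be expressed in SQL; a scheme such as bcrypt cannot be verified this way.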

0 Answers