Shibboleth - Secure different URLs with different IdPs

Question

We have a server that is going to have different web applications for different clients.

I need to be able to secure one web app with one IdP, and another web app with a different IdP. Sich as below:

"my.host.com/webapp1" with thier.IdP.com "my.host.com/webapp2" with thier.IdP2.com

How do I configure this? I'm assuming I need to do something in my shibboleth2.xml. But I'm confused where I'm supposed to secure one path and tie it to one IdP.

I think it's implied, but these are 2 different customers and there should be no sort of cross talk (i.e. using one IdP doesnt allow you to to get into the other web app, and vice versa).

score 0 · Answer 1 · answered Jun 23 '15 at 18:41

I'm assuming I need to do something in my shibboleth2.xml.

Your shibboleth2.xml should contain references to multiple IdPs probably through ApplicationOverride stanzas.

I need to be able to secure one web app with one IdP, and another web app with a different IdP

Your Apache HTTPD configuration should direct the user to the correct Shibboleth EntityId based on path. For example:

<Location /customer/aaa>
  AuthType shibboleth
  ShibRequireSession On
  ShibRequestSetting entityId https://idp.customeraaa.com/idp/shibboleth
  require shibboleth
</Location>

Shibboleth - Secure different URLs with different IdPs

1 Answers1