
I'm using Shibboleth SP (Service Provider) with multiple IdPs (Identity Providers). I'm currently using the SP EDS (Embedded Discovery Service) to provide the list of available IdPs.

Is there a way (in EDS or not) to automatically redirect the user to the adequate IdP depending on his email domain? In this scenario the user is asked for his email/login; then the domain is extracted and used to determine the correct IdP.

Thank you for your suggestions.

Fraternel

1 Answer

You may need to code something to extract the domain from the email.

This may help you:

In the Shibboleth.xml file, map the domain to a different IdP, or map a secure path to a different IdP.

Let's say example.com/secure1 maps to example-idp1.com and example.com/secure2 to example-idp2.com.

Then when the user user1@example1.com tries to log in, redirect him to example.com/secure1 so it will automatically go to example.com/secure1. And vice versa.

If you want to understand how to configure multiple paths, here is an example taken from the official site.

<RequestMap applicationId="default">
    <Host name="www.example.org">
        <Path name="secure1" authType="shibboleth" requireSession="true"/>
    </Host>
    <Host name="www.example.org" applicationId="app2" authType="shibboleth" requireSession="true">
        <Path name="secure2" authType="shibboleth" requireSession="true"/>
        <AccessControl>
            <Rule require="affiliation">faculty@osu.edu student@osu.edu</Rule>
        </AccessControl>
    </Host>
</RequestMap>

And create two applications as mentioned here.

Akshay
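One way to do the domain extraction and path selection the answer describes, as an added example that is not part of the original answer or of Shibboleth. The `example2.com` entry, the SP base URL and the `/discovery` fallback page are assumptions; the lookup is an exact-match allowlist so that user input never ends up in the redirect URL.

```javascript
// Constructed mapping based on the answer's sample values.
const DOMAIN_TO_PATH = new Map([
  ["example1.com", "/secure1"], // path whose application uses example-idp1.com
  ["example2.com", "/secure2"], // assumed counterpart for example-idp2.com
]);
const SP_ORIGIN = "https://example.com"; // assumed SP base URL
const DISCOVERY_FALLBACK = "/discovery"; // hypothetical page hosting the EDS

const HOSTNAME_RE =
  /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/;

// Returns the normalised domain of an email/login string, or null.
function emailDomain(input) {
  if (typeof input !== "string") return null;
  const value = input.trim();
  if (value.length > 320) return null; // bound the work done on hostile input
  const at = value.lastIndexOf("@");
  // Require exactly one "@" with a non-empty local part and domain.
  if (at <= 0 || at !== value.indexOf("@") || at === value.length - 1) {
    return null;
  }
  // Lower-case and drop a trailing root dot before comparing.
  const domain = value.slice(at + 1).toLowerCase().replace(/\.$/, "");
  // Hostname characters only: rejects "/", "\", "?", "#", spaces, etc.
  if (domain.length > 253 || !HOSTNAME_RE.test(domain)) return null;
  return domain;
}

// Returns the URL to send the browser to for this login string.
function loginRedirectFor(input) {
  const domain = emailDomain(input);
  // Exact match only: a suffix such as "example1.com.other.test" does not hit.
  const path = domain ? DOMAIN_TO_PATH.get(domain) : undefined;
  // Unknown or malformed input falls back to manual IdP selection.
  return SP_ORIGIN + (path || DISCOVERY_FALLBACK);
}
```

The email domain here only selects where to send the user; authentication and the resulting identity still come from the IdP's assertion, not from the string typed into the form.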