I am setting up my site as an identity provider and I need to give the 3rd party service provider (via an xml metadata file) what the "Single Sign-On Service Url" is to receive SAML authn requests. My issue is that this site has multiple environments -- site.dev.com, site.stage.com, and finally site.com for the production site. Is it possible to have all of these paths set up for the same identity provider? Since I am doing SP initiated SSO, maybe the service provider knows the base path?
2 Answers
0
I'm not sure how the SP would know the base path to your IdP's single sign-on service. If you have three different single sign-on service URLs for your three environments, the SP will have to know the absolute URL of each.

ComponentSpace
0
If the environments are physically separate, you would have an entityID for each one. An entityID is just a URN for your IdP. Some examples could be:

site.dev.com entityID = https://site.dev.com/saml/sp
site.stage.com entityID = https://site.stage.com/saml/sp
site.com entityID = https://your.service.url/saml/sp

Each entityID would have its own SAML metadata document and you would give the SP each document. So the SP would know there are 3 IdPs and it would know the URLs for each one, from their corresponding metadata document.

codebrane
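As an added illustration of the second answer (example code, not from either poster), this builds one unsigned IdP metadata document per environment, each with its own entityID and absolute SingleSignOnService URL, and then parses each document the way an SP would. The hostnames come from the question; the "/saml/idp/sso" path is an assumed placeholder.

```python
# Added example: one SAML IdP metadata document per environment, plus the
# SP-side parse that recovers the absolute SSO URL from each document.
import xml.etree.ElementTree as ET

NS_MD = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Environments from the question; the SP must be handed all three documents.
ENVIRONMENTS = ["https://site.dev.com", "https://site.stage.com", "https://site.com"]


def build_idp_metadata(base_url: str, sso_path: str = "/saml/idp/sso") -> str:
    """Return an unsigned IdP metadata document whose entityID is base_url.

    sso_path is an assumed placeholder; a real deployment would also add a
    signing certificate and sign the document before publishing it.
    """
    ET.register_namespace("md", NS_MD)
    entity = ET.Element(f"{{{NS_MD}}}EntityDescriptor", {"entityID": base_url})
    idp = ET.SubElement(
        entity,
        f"{{{NS_MD}}}IDPSSODescriptor",
        {"protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
         # Require signed AuthnRequests so the IdP can reject forged requests.
         "WantAuthnRequestsSigned": "true"},
    )
    for binding in (BINDING_REDIRECT, BINDING_POST):
        # Location must be absolute: the SP never guesses a base path.
        ET.SubElement(idp, f"{{{NS_MD}}}SingleSignOnService",
                      {"Binding": binding, "Location": base_url + sso_path})
    return ET.tostring(entity, encoding="unicode")


def sso_endpoints(metadata_xml: str) -> dict:
    """Parse metadata as an SP would: entityID plus one absolute URL per binding."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS_MD}}}EntityDescriptor":
        raise ValueError("not a SAML metadata EntityDescriptor")
    locations = {
        svc.get("Binding"): svc.get("Location")
        for svc in root.iter(f"{{{NS_MD}}}SingleSignOnService")
    }
    return {"entityID": root.get("entityID"), "sso": locations}


if __name__ == "__main__":
    for env in ENVIRONMENTS:
        info = sso_endpoints(build_idp_metadata(env))
        print(info["entityID"], "->", info["sso"][BINDING_REDIRECT])
```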