Question about multiple idps


Question about multiple idps

Shawn Biesan
Hey, I'm fairly new to Shibboleth and had some questions.

So currently we have a Shibboleth IDP that works. We have 3-5 Service Providers that hit our Shibboleth IDP.

Sometime in the future there will be an outside group with their own IDP that we want to auth into our existing infrastructure. 

I'd really like for the users of the external system to be able to SSO into our system from theirs. Ignoring the problem of syncing users between the two IDPs, how can I structure this all? From this perspective, is there a way I can treat our IDP as a Service Provider from the external client's perspective so all the existing SPs just work? Should the 3-5 existing SPs just trust both IDPs?

Most of my struggle is not understanding the terminology of what I'm trying to do, so it's tough for me to figure out how to find it in the docs.

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

Re: Question about multiple idps

Peter Schober
* Shawn Biesan <[hidden email]> [2018-07-09 18:05]:

> So currently we have a Shibboleth IDP that works. We have 3-5 Service
> Providers that hit our Shibboleth IDP.
>
> Sometime in the future there will be an outside group with their own IDP
> that we want to auth into our existing infrastructure.
>
> I'd really like for the users of the external system to be able to SSO into
> our system from theirs. Ignoring the problem of syncing users between the
> two IDPs, how can I structure this all? From this perspective, is there a way
> I can treat our IDP as a Service Provider from the external client's
> perspective so all the existing SPs just work? Should the 3-5 existing SPs
> just trust both IDPs?

Does this help? (An answer I sent to another list recently)
https://groups.google.com/forum/#!topic/simplesamlphp/Pnvahm51EdE

-peter