I would like to allow SSO between groups of servers. For example:
Lets say we have 6 service providers, arranged in 2 groups:
We want our users that access any of Server 1, 2, or 3 to authenticate via Shibboleth once, and be authenticated for all 3. If that user then attempts to access Server A, B, or C, we want them to be challenged again, only once for the 3 (A,B,C). If they then attempt to access Servers X, Y, or Z, we want them to be challenged again with SSO between the 3 (X,Y,Z).
We are wanting this so that our DEV servers are only SSO'd with other DEV servers. TEST servers only SSO'd with other TEST servers, QA/UAT servers only SSO'd with other QA/UAT instances. Then finally Production servers are SSO'd only with other Production servers.
Hope this makes sense, any feedback is appreciated.