Hi Michael,
A custom ISamlConfigurationResolver isn’t necessary to support multi-tenanted applications. The default implementation which retrieves SAML configuration from appsettings.json provides this support.
Each tenant has its own separate SAML configuration. For an IdP, this consists of one LocalIdentityProviderConfiguration and one or more PartnerServiceProviderConfiguration items.
For SP-initiated SSO, GetPartnerServiceProviderConfigurationAsync will be called twice - once when ReceiveSsoAsync is called and once when SendSsoAsync is called.
In both cases, the partnerName parameter shouldn’t be null.
When ReceiveSsoAsync is called, the partnerName is retrieved from the SAML authn request’s issuer field. This is subsequently saved in the SAML session state.
When SendSsoAsync is called, the partnerName is retrieved from the SAML session state.
It would be useful if you could use the debugger and identify from the call stack whether partnerName is null when ReceiveSsoAsync or SendSsoAsync is called.
Also, please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning your forum post.