Hello ComponentSpace,
There is the next situation: our application acts as SP with a multi-tenancy structure and we would like to support both SP-initiated and IdP-initiated SSO. In the case with SP-initiated we do not have any issues as SAMLController.ConfigurationID is set up before SAMLServiceProvider.InitiateSSO and stay the same after receiving SSO Response. But there is an issue with IdP-initiated as we do not know how to get the needed ConfigurationID. I checked “Configuration Documentation” and found several solutions:
• Separate subdomain names for each tenant - not applicable for us as we do not have subdomainsSo, we decide to show users a page after receiving IdP response (in case of IdP-initiated flow) where they will choose what tenant they would like to access. In this case, we need to know whether it is IdP-initiated or SP-initiated flow before trying to read SSO Response. Could you please say whether it is possible to Get isInResponseTo before calling SAMLServiceProvider.ReceiveSSO or you could advise any other possible solutions.
• Query string parameter - possible solution but as we allow to use the same IdP configuration across different tenants it is not possible to say IdP what exact tenant name should be sent with response as one IdP could access different tenants
• Special HTTP headers or cookies - the same thing as for previous one
• IP address ranges - not applicable for us
Best Regards
Dmitry