Multi IdP SAML configuration

I’m a new user here and I’m quite impressed over the amount of documentation and full code examples that you are providing! It all looks very professional.

Now there is one thing I am thinking about, and that is if it’s possible to setup two IdP’s in one web app?
I’ve noticed that the “Configurations” part under SAML settings in appsettings.json is an array so my guess is that it’s possible (so I can setup a second LocalIdentityProviderConfiguration and PartnerServiceProviderConfigurations)?
I also guess you would need to create another SamlController to make this work that is servicing the urls in the appsettings.json?

Am I on the right track, and is there anything else I would need to know to set this up correctly?

Thanks in advance!


Hi Anders,

Your understanding is correct. We support multiple SAML configurations within the one application as part of our multi-tenancy support. Each tenant has their own SAML configuration which may consist of one LocalIdentityProviderConfiguration and multiple PartnerIdentityProviderConfiguration entries, assuming your application is acting as the identity provider.

All tenants may use the same SamlController or you could have separate controllers if you prefer. We don’t place any restrictions on this.

Prior to any SAML SSO or SLO API call, you need to specify which SAML configuration to use when processing the SSO or SLO. This is done by calling SetConfigurationIDAsync and specifying the configuration ID matching the ID property of one of the SamlConfiguration entries.

await _samlIdentityProvider.SetConfigurationIDAsync(tenantID);

For more information, please refer to the “Multi-Tenancy Support” section of the Configuration Guide.