Meraki

Community

IdP-Initiated SAML coexisting with SP-Initiated SAML, different IdPs

Solved
JesusCasero
Here to help
‎Dec 1 2022 11:25 AM
‎Dec 1 2022 11:25 AM

IdP-Initiated SAML coexisting with SP-Initiated SAML, different IdPs

One of our customers has enabled SAML SSO and defined their IdP to make use of the IdP-initiated SAML SSO feature. We are planning to enable the SP-Initiated SAML SSO feature using our (additional) IdP: is that supported? Is the "SP SAML IdP" definition being used exclusively for SP-Initiated requests?

 

The documentation says so ("SP-Initiated SAML is fully cross-compatible with IdP-Initiated SAML (both can be used at once)") but I'd like to know if anybody has successfully dealt with this scenario, because the SP-Initiated SAML is still an early access feature.

 

Thanks!

 

JC

 

 

 

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 1 2022 12:32 PM
‎Dec 1 2022 12:32 PM

Yes, that combination works fine.  I setup both methods to try them out.

View solution in original post

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 1 2022 12:32 PM
‎Dec 1 2022 12:32 PM

Yes, that combination works fine.  I setup both methods to try them out.

In response to PhilipDAth
JesusCasero
Here to help
‎Dec 1 2022 1:01 PM
‎Dec 1 2022 1:01 PM

Thank you, Philip.

 

This is a very specific use case so I wanted to gather inputs before even trying it out.

 

Kind regards,

 

0 Kudos
In response to PhilipDAth
C3SGInc
Getting noticed
‎Dec 14 2022 12:33 PM
‎Dec 14 2022 12:33 PM

Did you run into any issues when adding the SP-Initiated part of the configuration?  I keep getting a message after login that my application identifier was not found in the directory.

0 Kudos
In response to C3SGInc
JesusCasero
Here to help
‎Dec 14 2022 12:37 PM
‎Dec 14 2022 12:37 PM

Hi,

 

No, actually I am rolling it out together with multiple IdP definitions consumed by the IdP-initiated SAML SSO feature and works like a charm.

 

Your issue sounds like a problem with the ACS definition on the IdP side.

 

Regards,

 

JC

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.