IdP-Initiated SAML coexisting with SP-Initiated SAML, different IdPs

SOLVED
JesusCasero

One of our customers has enabled SAML SSO and defined their IdP to make use of the IdP-initiated SAML SSO feature. We are planning to enable the SP-Initiated SAML SSO feature using our (additional) IdP: is that supported? Is the "SP SAML IdP" definition being used exclusively for SP-Initiated requests?

The documentation says so ("SP-Initiated SAML is fully cross-compatible with IdP-Initiated SAML (both can be used at once)") but I'd like to know if anybody has successfully dealt with this scenario, because the SP-Initiated SAML is still an early access feature.

Thanks!

JC

1 ACCEPTED SOLUTION
PhilipDAth

Yes, that combination works fine. I set up both methods to try them out.

4 REPLIES

Thank you, Philip.

This is a very specific use case so I wanted to gather inputs before even trying it out.

Kind regards,

Did you run into any issues when adding the SP-Initiated part of the configuration? I keep getting a message after login that my application identifier was not found in the directory.

Hi,

No, actually I am rolling it out together with multiple IdP definitions consumed by the IdP-initiated SAML SSO feature and it works like a charm.

Your issue sounds like a problem with the ACS definition on the IdP side.

Regards,

JC
