Each authentication handler listens for messages on its particular endpoint. If two SAML authentication handlers are configured with the same AssertionConsumerServicePath, only the first will ever see SAML messages as these will be processed and not passed onto the next SAML authentication handler. You could configured different AssertionConsumerServicePaths through the SAML authentication handler options and have the IdPs send to the appropriate URL. However, I think a better option would be if the SAML authentication handler returned the partner IdP name back to your application in the authentication properties. That way, as well as the user claims etc, you'll also know which partner IdP initiated the SSO. This will require an update. Please contact us to access a beta.
Regards ComponentSpace Development
|