Hi Nishikant,
Yes, that's definitely possible, and in fact if you take a look at the ExampleServiceProvider's appsettings.json you'll see it contains multiple partner IdP configuration entries.
Under the PartnerIdentityProviderConfigurations, add an entry for each partner IdP to be supported. There are no restrictions on the number of IdPs.
No changes are required to the Startup class.
If you're calling _samlServiceProvider.InitiateSsoAsync to support SP-initiated SSO, you must specify the partnerName parameter to identify which partner IdP to initiate SSO to. The partnerName must match the name of one of the configured partner IdPs (i.e. PartnerIdentityProviderConfiguration.Name).
In the ExampleServiceProvider, we specify the PartnerName parameter in the appsettings.json. In a real-world application you'd have some other mechanism to identify which IdP to SSO to.
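As an added illustration that is not part of the original reply or of the vendor's sample code: one way an application could pick the IdP per request is to accept a partner name from the caller and pass it to InitiateSsoAsync only if it exactly matches a configured PartnerIdentityProviderConfiguration.Name. The `idp` query parameter, the route and the controller shape are assumptions; the configuration layout is the one shown in this thread, and choosing between several `Configurations` entries (the `ID` values) is not shown.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using ComponentSpace.Saml2;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;

public class SamlController : Controller
{
    private readonly ISamlServiceProvider _samlServiceProvider;
    private readonly HashSet<string> _configuredPartners;

    public SamlController(ISamlServiceProvider samlServiceProvider, IConfiguration configuration)
    {
        _samlServiceProvider = samlServiceProvider;

        // Collect every PartnerIdentityProviderConfiguration.Name from appsettings.json.
        // Assumes the "SAML" -> "Configurations" -> "PartnerIdentityProviderConfigurations" layout.
        var names = configuration.GetSection("SAML:Configurations").GetChildren()
            .SelectMany(c => c.GetSection("PartnerIdentityProviderConfigurations").GetChildren())
            .Select(p => p["Name"])
            .Where(name => !string.IsNullOrEmpty(name));

        // Ordinal comparison: the name must match the configured value exactly.
        _configuredPartners = new HashSet<string>(names, StringComparer.Ordinal);
    }

    // Hypothetical route: /Saml/InitiateSingleSignOn?idp=<partner name>&returnUrl=/home
    public async Task<IActionResult> InitiateSingleSignOn(string idp, string returnUrl = null)
    {
        // Request input is never passed through as-is; only a configured partner is accepted.
        if (string.IsNullOrEmpty(idp) || !_configuredPartners.Contains(idp))
        {
            return BadRequest("Unknown identity provider.");
        }

        // The relay state is returned to the application after SSO, so keep it to a local path.
        var relayState = Url.IsLocalUrl(returnUrl) ? returnUrl : null;

        // partnerName identifies which partner IdP receives the authn request.
        await _samlServiceProvider.InitiateSsoAsync(idp, relayState);

        return new EmptyResult();
    }
}
```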
Thanks for the quick response.
I have added partner IdP configurations under PartnerIdentityProviderConfigurations in the service provider's appsettings.json,
but I have a doubt about setting the partner name parameter. Instead of the partner name I have added "Idp1": "XYZ" and "Idp2": "ABC". Is that correct?
If I am wrong, please help me to set that partner name.
And how do I identify which IdP a request for SSO/SLO comes from: either by ID "Tenant1" or "Tenant2", or by name "XYZ" or "ABC"?
This is my service provider's appsettings.json for your reference:
"SAML": {
  "Configurations": [
    {
      "ID": "Tenant1",
      "LocalServiceProviderConfiguration": {
        "Name": "XYZ",
        "Description": "****** Service Provider",
        "AssertionConsumerServiceUrl": "https://localhost:44395/SAML/AssertionConsumerService",
        "SingleLogoutServiceUrl": "https://localhost:44395/SAML/SingleLogoutService",
        "ArtifactResolutionServiceUrl": "https://localhost:44395/SAML/ArtifactResolutionService",
        "LocalCertificates": [
          {
            "FileName": "certificates/*****.pfx",
            "Password": "*******"
          }
        ]
      },
      "PartnerIdentityProviderConfigurations": [
        {
          "Name": "**********",
          "Description": "******** Identity Provider2",
          "SignAuthnRequest": true,
          "SignLogoutRequest": true,
          "SignLogoutResponse": true,
          "WantLogoutRequestSigned": true,
          "WantLogoutResponseSigned": true,
          "SingleSignOnServiceUrl": "https://localhost:44313/SAML/SingleSignOnService",
          "SingleLogoutServiceUrl": "https://localhost:44313/SAML/SingleSignOnService",
          "ArtifactResolutionServiceUrl": "https://localhost:44313/SAML/ArtifactResolutionService",
          "PartnerCertificates": [
            {
              "FileName": "certificates/******.cer"
            }
          ]
        }
      ]
    },
    {
      "ID": "Tenant2",
      "LocalServiceProviderConfiguration": {
        "Name": "ABC",
        "Description": "****** Service Provider",
        "AssertionConsumerServiceUrl": "https://localhost:44395/SAML/AssertionConsumerService",
        "SingleLogoutServiceUrl": "https://localhost:44395/SAML/SingleLogoutService",
        "ArtifactResolutionServiceUrl": "https://localhost:44395/SAML/ArtifactResolutionService",
        "LocalCertificates": [
          {
            "FileName": "certificates/*****.pfx",
            "Password": "*******"
          }
        ]
      },
      "PartnerIdentityProviderConfigurations": [
        {
          "Name": "**********",
          "Description": "******** Identity Provider",
          "SignAuthnRequest": true,
          "SignLogoutRequest": true,
          "SignLogoutResponse": true,
          "WantLogoutRequestSigned": true,
          "WantLogoutResponseSigned": true,
          "SingleSignOnServiceUrl": "https://localhost:44311/SAML/SingleSignOnService",
          "SingleLogoutServiceUrl": "https://localhost:44311/SAML/SingleSignOnService",
          "ArtifactResolutionServiceUrl": "https://localhost:44311/SAML/ArtifactResolutionService",
          "PartnerCertificates": [
            {
              "FileName": "certificates/******.cer"
            }
          ]
        }
      ]
    }
  ]
},
"Idp1": "XYZ",
"Idp2": "ABC",