1 Reply Latest reply on Jun 4, 2012 12:05 PM by anil.saldhana

    SP with multiple IDPs

    wildert

      I'm posting to make sure PicketLink does not offer this, and ask that it be added if it does not already exist.

      I have an SP and I want to use multiple IDPs with it. This is common for applications like SharePoint or Disqus, where you trust multiple IDPs (you need to identify a unique id SAML assertion, normally email address) and when a user needs to log in, they get to choose from multiple IDPs. The UI and the redirecting I can handle myself, but the trusting of multiple IDPs seems to be technically impossible at the moment because of the configuration below.

      <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
          <Auth Key="KeyStoreURL" Value="/jbid_test_keystore.jks" />
          <Auth Key="KeyStorePass" Value="store123" />
          <Auth Key="SigningKeyPass" Value="test123" />
          <Auth Key="SigningKeyAlias" Value="servercert" />
          <ValidatingAlias Key="idp.example.com" Value="servercert" />
          <ValidatingAlias Key="localhost" Value="servercert" />
      </KeyProvider>

      I need to provide multiple certificates and ValidatingAliases, ideally database driven instead of XML file driven.

        • 1. Re: SP with multiple IDPs
          anil.saldhana

          There is a concept of SAMLConfigurationProvider. I am thinking for your use case, you need to create an implementation of that. It will bypass all the picketlink.xml configuration. You are then free to install any configuration you want.
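As an added example of the approach described in the reply (not code from either poster or from the PicketLink project): a SAMLConfigurationProvider that builds the SP configuration from a database table instead of picketlink.xml, so each trusted IdP gets its own ValidatingAlias and, through it, its own certificate rather than all of them sharing servercert. The PicketLink package and method names follow the 2.1-era API and are an assumption to check against the version in use; the TRUSTED_IDP table, the JNDI name java:/jdbc/IdpTrustDS and the sp.* system property names are constructed for this example.

```java
package example.sso;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

// Assumed PicketLink 2.1-era packages; later releases moved these classes.
import org.picketlink.identity.federation.core.config.AuthPropertyType;
import org.picketlink.identity.federation.core.config.IDPType;
import org.picketlink.identity.federation.core.config.KeyProviderType;
import org.picketlink.identity.federation.core.config.KeyValueType;
import org.picketlink.identity.federation.core.config.PicketLinkType;
import org.picketlink.identity.federation.core.config.SPType;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;

/**
 * Database-driven SP configuration: one ValidatingAlias per trusted IdP.
 * Example code, not part of PicketLink; verify class and method names against your version.
 */
public class DatabaseSPConfigurationProvider implements SAMLConfigurationProvider {

    // Constructed table for this example: TRUSTED_IDP(ISSUER VARCHAR, KEYSTORE_ALIAS VARCHAR, ENABLED BOOLEAN)
    private static final String TRUSTED_IDP_SQL =
        "SELECT ISSUER, KEYSTORE_ALIAS FROM TRUSTED_IDP WHERE ENABLED = TRUE";
    private static final String DATASOURCE_JNDI = "java:/jdbc/IdpTrustDS"; // constructed name

    public IDPType getIDPConfiguration() throws ProcessingException {
        return null; // this provider configures an SP only
    }

    public SPType getSPConfiguration() throws ProcessingException {
        SPType sp = new SPType();
        // Endpoint that receives SAML responses; property names are example assumptions.
        sp.setServiceURL(System.getProperty("sp.service.url"));
        // A default IdP URL is still needed; the poster routes users to their chosen IdP themselves.
        sp.setIdentityURL(System.getProperty("sp.default.idp.url"));
        sp.setKeyProvider(buildKeyProvider(loadTrustedIdps()));
        return sp;
    }

    public PicketLinkType getPicketLinkConfiguration() throws ProcessingException {
        PicketLinkType cfg = new PicketLinkType();
        cfg.setIdpOrSP(getSPConfiguration());
        return cfg;
    }

    /** Same KeyStoreKeyManager settings as the XML, but keystore secrets come from properties, not a file. */
    private KeyProviderType buildKeyProvider(Map<String, String> aliasByIssuer) {
        KeyProviderType kp = new KeyProviderType();
        kp.setClassName("org.picketlink.identity.federation.core.impl.KeyStoreKeyManager");
        kp.add(auth("KeyStoreURL", System.getProperty("sp.keystore.url")));
        kp.add(auth("KeyStorePass", System.getProperty("sp.keystore.pass")));
        kp.add(auth("SigningKeyAlias", System.getProperty("sp.signing.alias")));
        kp.add(auth("SigningKeyPass", System.getProperty("sp.signing.pass")));
        // One ValidatingAlias per IdP. An issuer missing from the table has no key
        // to validate against, so a response from it cannot pass signature validation.
        for (Map.Entry<String, String> e : aliasByIssuer.entrySet()) {
            KeyValueType va = new KeyValueType();
            va.setKey(e.getKey());     // the IdP issuer/host, like the Key attribute in the XML
            va.setValue(e.getValue()); // that IdP's own certificate alias in the keystore
            kp.add(va);
        }
        return kp;
    }

    private static AuthPropertyType auth(String key, String value) {
        AuthPropertyType p = new AuthPropertyType();
        p.setKey(key);
        p.setValue(value);
        return p;
    }

    /** Load issuer -> keystore alias for enabled IdPs with a fixed, parameter-free statement. */
    private Map<String, String> loadTrustedIdps() throws ProcessingException {
        Map<String, String> result = new LinkedHashMap<String, String>();
        try {
            DataSource ds = (DataSource) new InitialContext().lookup(DATASOURCE_JNDI);
            Connection c = ds.getConnection();
            try {
                PreparedStatement ps = c.prepareStatement(TRUSTED_IDP_SQL);
                ResultSet rs = ps.executeQuery();
                while (rs.next()) {
                    result.put(rs.getString("ISSUER"), rs.getString("KEYSTORE_ALIAS"));
                }
            } finally {
                c.close();
            }
        } catch (NamingException e) {
            throw new ProcessingException(e);
        } catch (SQLException e) {
            throw new ProcessingException(e);
        }
        if (result.isEmpty()) {
            // Fail closed: an SP with no trusted IdP must not start with an empty trust list.
            throw new ProcessingException("no enabled IdPs in TRUSTED_IDP");
        }
        return result;
    }
}
```

How the provider is registered with the SP valve or filter depends on the PicketLink version and container, so that wiring is left out here. The point to carry over is that each IdP issuer maps to a distinct keystore alias: the XML in the first post maps both idp.example.com and localhost to the same servercert, which means a response signed by either key would validate for both issuers.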