I'm posting to make sure PicketLink does not offer this, and to ask that it be added if it does not already exist.
I have an SP and I want to use multiple IDPs with it. This is common for applications like SharePoint or Disqus, where you trust multiple IDPs (you need to identify a unique ID in the SAML assertion, normally the email address) and, when a user needs to log in, they get to choose from multiple IDPs. The UI and the redirecting I can handle myself, but trusting multiple IDPs seems to be technically impossible at the moment because of the configuration below:
<KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
    <Auth Key="KeyStoreURL" Value="/jbid_test_keystore.jks"/>
    <Auth Key="KeyStorePass" Value="store123"/>
    <Auth Key="SigningKeyPass" Value="test123"/>
    <Auth Key="SigningKeyAlias" Value="servercert"/>
    <ValidatingAlias Key="idp.example.com" Value="servercert"/>
    <ValidatingAlias Key="localhost" Value="servercert"/>
</KeyProvider>
I need to provide multiple certificates and ValidatingAliases, ideally database driven instead of XML file driven.
There is a concept of SAMLConfigurationProvider. I am thinking that for your use case you need to create an implementation of that. It will bypass all the picketlink.xml configuration. You are then free to install any configuration you want.
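As an added example (not PicketLink's own code and not from this thread), one way to implement the suggested SAMLConfigurationProvider so that the ValidatingAlias list is built from a lookup instead of picketlink.xml. It assumes PicketLink 2.5 package names (org.picketlink.config.federation.*), stands in for the database query with an in-memory map of constructed rows, and reuses the keystore values from the posted configuration; the second IDP entry and the SP URL are placeholders.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.picketlink.config.federation.AuthPropertyType;
import org.picketlink.config.federation.IDPType;
import org.picketlink.config.federation.KeyProviderType;
import org.picketlink.config.federation.KeyValueType;
import org.picketlink.config.federation.PicketLinkType;
import org.picketlink.config.federation.SPType;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;

// Builds the SP configuration in code so the list of trusted IDPs can come from a database.
public class MultiIdpConfigurationProvider implements SAMLConfigurationProvider {
    // Stand-in for the DB query: issuer host -> keystore alias of that IDP's certificate.
    static Map<String, String> loadTrustedIdps() {
        Map<String, String> idps = new LinkedHashMap<>();   // constructed sample rows
        idps.put("idp.example.com", "servercert");         // the two aliases from the post
        idps.put("localhost", "servercert");
        idps.put("idp2.example.org", "idp2cert");          // constructed: a second IDP with its own cert
        return idps;
    }
    // Programmatic equivalent of <KeyProvider>, with one ValidatingAlias per trusted IDP.
    static KeyProviderType buildKeyProvider(Map<String, String> trustedIdps) {
        KeyProviderType kp = new KeyProviderType();
        kp.setClassName("org.picketlink.identity.federation.core.impl.KeyStoreKeyManager");
        String[][] auth = { {"KeyStoreURL", "/jbid_test_keystore.jks"}, {"KeyStorePass", "store123"},
                            {"SigningKeyPass", "test123"}, {"SigningKeyAlias", "servercert"} }; // from the post
        for (String[] kv : auth) {
            AuthPropertyType a = new AuthPropertyType();   // <Auth Key=".." Value=".."/>
            a.setKey(kv[0]); a.setValue(kv[1]);
            kp.add(a);
        }
        for (Map.Entry<String, String> e : trustedIdps.entrySet()) {
            KeyValueType alias = new KeyValueType();       // <ValidatingAlias Key=".." Value=".."/>
            alias.setKey(e.getKey()); alias.setValue(e.getValue());
            kp.add(alias);
        }
        return kp;
    }
    @Override public SPType getSPConfiguration() throws ProcessingException {
        SPType sp = new SPType();
        sp.setServiceURL("https://sp.example.com/");      // placeholder; the IDP to redirect to is chosen per login
        sp.setKeyProvider(buildKeyProvider(loadTrustedIdps()));
        return sp;
    }
    @Override public IDPType getIDPConfiguration() { return null; }   // this deployment is an SP only
    @Override public PicketLinkType getPicketLinkConfiguration() throws ProcessingException {
        PicketLinkType cfg = new PicketLinkType();
        cfg.setIdpOrSP(getSPConfiguration());
        return cfg;
    }
}
```

How the class is registered in place of picketlink.xml depends on the container adapter (the SP valve or filter's config-provider setting), so check the adapter for the PicketLink version you run.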