1 Reply Latest reply on May 16, 2013 12:26 PM by tim.kutz

    Multiple SP's on a single host?

    tim.kutz

      Within the PicketLink configuration, one assigns certificate aliases to specific server names using entries like:

       




      <ValidatingAlias Key="myserver.domain.com" Value="myserver_cert" />

      Within our environment, however, a single server will typically host multiple applications.  While each application has a way to configure the certificate they sign requests with, the IDP side appears to have no mechanism to support accepting multiple, different certificates from different SP applications deployed on the same server.  Is there a reason for this?  Am I missing some part of the configuration that would support this?  Or should all SP applications on a single server farm share a single certificate?  This seems like something that should be possible to support.

        • 1. Re: Multiple SP's on a single host?
          tim.kutz

          Bumping this, to raise the question again.

           

          I have multiple applications, hosted on a single server farm.  I wish the IDP to differentiate between them, so I have the ability to turn one application off from SSO, while leaving others enabled.  This supports migrating of applications across different server farms, for example.  It also supports the notion that not every application on a given server farm will be SSO enabled, and if one that is not attempts to use the SSO, it should be refused, as it is not trusted.

           

          Is there a good reason for this not to be supported?  I would think that simply allowing the use of the full issuer URL, rather than just the server name, as the key to the alias would handle the issue, perhaps retaining the existing behavior, and allowing a configuration switch to determine if server name or full URL are used?
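
The difference between the two keying schemes discussed in this thread, as an added illustration that is not PicketLink code and not part of the original posts. The issuer URLs, the per-application alias names, and the `use_full_issuer` switch are hypothetical; only the `myserver.domain.com` / `myserver_cert` pair comes from the post.

```python
from urllib.parse import urlsplit

# Host-keyed table, mirroring the ValidatingAlias entry quoted in the post.
HOST_ALIASES = {"myserver.domain.com": "myserver_cert"}

# Issuer-keyed table (constructed sample data, hypothetical alias names).
ISSUER_ALIASES = {
    "https://myserver.domain.com/sales/": "sales_sp_cert",
    "https://myserver.domain.com/hr/": "hr_sp_cert",
}


def normalize_issuer(issuer):
    """Canonicalize an issuer URL so equivalent spellings hit the same key."""
    parts = urlsplit(issuer.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"issuer is not an absolute http(s) URL: {issuer!r}")
    port = f":{parts.port}" if parts.port else ""
    path = parts.path if parts.path.endswith("/") else parts.path + "/"
    # urlsplit already lower-cases the scheme and hostname.
    return f"{parts.scheme}://{parts.hostname}{port}{path}"


def resolve_alias(issuer, use_full_issuer):
    """Return the certificate alias to validate against, or None to refuse."""
    normalized = normalize_issuer(issuer)
    if use_full_issuer:
        # One alias per SP application; unknown applications are refused.
        return ISSUER_ALIASES.get(normalized)
    # Host-only keying: every application on the host maps to the same alias.
    return HOST_ALIASES.get(urlsplit(normalized).hostname)


if __name__ == "__main__":
    for url in ("https://myserver.domain.com/sales/",
                "https://MyServer.domain.com/hr",
                "https://myserver.domain.com/legacy/"):
        print(url, resolve_alias(url, False), resolve_alias(url, True))
```

With host-only keying all three issuers resolve to `myserver_cert`, so the IDP cannot tell them apart; with issuer keying the unregistered `/legacy/` application resolves to `None`, and removing one entry disables that application without affecting the others.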