Bumping this, to raise the question again.
I have multiple applications, hosted on a single server farm. I wish the IDP to differentiate between them, so I have the ability to turn one application off from SSO, while leaving others enabled. This supports migrating applications across different server farms, for example. It also supports the notion that not every application on a given server farm will be SSO enabled, and if one that is not attempts to use the SSO, it should be refused, as it is not trusted.
Is there a good reason for this not to be supported? I would think that simply allowing the use of the full issuer URL, rather than just the server name, as the key to the alias would handle the issue, perhaps retaining the existing behavior, and allowing a configuration switch to determine if server name or full URL are used?