Hello ComponentSpace Team,
We have a requirement where one client will be sending a request via SSO for their users (after Windows authentication) to our main application, and based on the user we need to take the user to different applications built on different technologies.
The client is acting as the IdP and we are using IdP-initiated SSO (it should also support SP-initiated SSO in future if the client asks).
The main application is acting as the SP and is receiving the request through a .NET Core Web API. A user may have access to multiple applications (the main application/portal, another app APP1, another app APP2, ... APP n). APP1 is an ASP.NET web application, APP2 is an Angular application, APP3 is an MVC application, etc.
What SAML architecture do you recommend we follow in this scenario?
We are thinking of having two levels of SAML:
Client (IdP) to Main Application/Portal (SP)---> IdP initiated SSO (Level1 )
Main Application/Portal (IdP) to APP1/APP2.. APPN ----> IdP Initiated SSO (Level2)
The client doesn't want to configure or send which application the user wants to access; users can have access to the main application and/or APP1 and/or APP2 and/or ... APP n.
Please let us know the recommendations from the ComponentSpace team.
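The two-level design described above, sketched as an added example (this is not code from the post or from ComponentSpace). It shows the portal acting as SP toward the client's IdP (Level 1) and as IdP toward APP1..APPn (Level 2). The security-relevant point is in the middle: because the client sends nothing about which application the user wants, the portal must decide from its own entitlement data after the Level 1 assertion has been validated, and must refuse to issue a Level 2 assertion for an app the user is not entitled to. The ComponentSpace method names used here (`ISamlServiceProvider.ReceiveSsoAsync`, `ISamlIdentityProvider.InitiateSsoAsync`, `SamlAttribute`) are assumed from the library's ASP.NET Core API; `IEntitlementStore` and `InMemoryEntitlementStore` are hypothetical helpers standing in for whatever authorization data the portal already keeps.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using ComponentSpace.Saml2;             // assumed: ISamlServiceProvider, ISamlIdentityProvider
using ComponentSpace.Saml2.Assertions;  // assumed: SamlAttribute
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical authorization lookup: which downstream partner apps a user may reach.
// In a real portal this is backed by the portal's own user/role store, never by
// anything the client sends in the SAML request.
public interface IEntitlementStore
{
    IReadOnlyCollection<string> AppsFor(string userId);
}

public sealed class InMemoryEntitlementStore : IEntitlementStore
{
    // Constructed sample data: partner names must match the Level 2 SP entries
    // configured for the portal's IdP (APP1 = ASP.NET, APP2 = Angular, APP3 = MVC).
    private static readonly Dictionary<string, string[]> Map = new()
    {
        ["alice@example.com"] = new[] { "APP1", "APP3" },
        ["bob@example.com"]   = new[] { "APP2" },
    };

    public IReadOnlyCollection<string> AppsFor(string userId) =>
        Map.TryGetValue(userId, out var apps) ? apps : System.Array.Empty<string>();
}

[Route("saml")]
public class SamlHubController : Controller
{
    private readonly ISamlServiceProvider _sp;     // portal as SP (Level 1)
    private readonly ISamlIdentityProvider _idp;   // portal as IdP (Level 2)
    private readonly IEntitlementStore _entitlements;

    public SamlHubController(ISamlServiceProvider sp, ISamlIdentityProvider idp,
                             IEntitlementStore entitlements)
    {
        _sp = sp;
        _idp = idp;
        _entitlements = entitlements;
    }

    // Level 1: Assertion Consumer Service for the client's IdP-initiated SSO.
    // ReceiveSsoAsync is assumed to validate signature, audience, conditions and
    // replay before returning the asserted subject.
    [HttpPost("acs")]
    [AllowAnonymous]
    public async Task<IActionResult> AssertionConsumerService()
    {
        var ssoResult = await _sp.ReceiveSsoAsync();
        string userId = ssoResult.UserID;

        // Establish the portal's own session for this user before any Level 2 hop,
        // so that Launch() below is driven by the portal's authenticated identity
        // rather than by the raw inbound assertion. Cookie sign-in omitted here.
        var apps = _entitlements.AppsFor(userId);
        if (apps.Count == 0)
            return Forbid();                      // authenticated, but entitled to nothing

        // The client does not say which app to open, so the portal chooses:
        // here, a single entitlement goes straight through, otherwise show a chooser.
        return apps.Count == 1
            ? RedirectToAction(nameof(Launch), new { partnerName = apps.First() })
            : RedirectToAction("Index", "Portal");
    }

    // Level 2: portal as IdP issues an assertion to one downstream app.
    [HttpGet("launch/{partnerName}")]
    [Authorize]
    public async Task<IActionResult> Launch(string partnerName)
    {
        string userId = User.Identity?.Name;
        if (string.IsNullOrEmpty(userId))
            return Challenge();

        // Authorization check on the portal side: never mint an assertion for an
        // app the user is not entitled to, whatever partnerName the URL carried.
        if (!_entitlements.AppsFor(userId).Contains(partnerName))
            return Forbid();

        var attributes = new List<SamlAttribute>
        {
            new SamlAttribute("email", userId),
        };

        // Assumed ComponentSpace call: builds and signs the response for partnerName
        // and writes the HTTP-POST binding auto-submit form to the HTTP response.
        await _idp.InitiateSsoAsync(partnerName, userId, attributes);
        return new EmptyResult();
    }
}
```

Register `InMemoryEntitlementStore` (or a real store) as `IEntitlementStore` in `Program.cs`/`Startup.cs` alongside the ComponentSpace services. Each of APP1..APPn must be configured as a partner SP of the portal's IdP with its own ACS URL, and the portal's IdP signing key must be distinct from any key the client's IdP uses, so that a Level 2 assertion can never be replayed upstream as a Level 1 one. SP-initiated SSO at Level 1 later only changes how the flow starts (an AuthnRequest from the portal); the entitlement check in `Launch` stays the same.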