I have multiple apps with the same SSO config.
app1 = one.exampleone.com
app2 = two.exampletwo.com
I have an SSO config like:
EntityId = idsvr.example.com
ACS URL = idsvr.example.com?companyid="#####"
The SP-initiated scenario works fine: if the user types one.exampleone.com, it redirects to the client identity provider, authenticates and redirects back to the same app. Same for the second app.
But during the IdP-initiated flow, the user comes through https://Companyadmin-dev.onelogin.com/trust/saml2/http-redirect/sso/99999
and it has a SAML response, but I don't know where to redirect.
I.e. once I get the SAML response, I wouldn't know which app the user wants to go to.
So I was thinking of adding AppId in the ACS URL like this: idsvr.example.com?companyid="#####"&appid=app1
For SP-initiated, I want to keep ACS URL = idsvr.example.com?companyid="#####" without appid,
but for IdP-initiated, I want the client to add appid.
Right now, my LocalServiceProviderConfiguration has the ACS URL without AppID. So SP-initiated works, but IdP-initiated gets Destinationcheck & Recipientcheck failed.
Usually, the client sets up ACS and Recipient with the same URL.
I can disable both with
DisableDestinationCheck = true,
DisableRecipientCheck = true
but I don't want to disable it as it is not recommended.
Is there a standard way to get the AppID through the SAML response, or another way, in the case of multiple apps with the same SSO config?
Is there a way to validate Destinationcheck & Recipientcheck for both the ACS URL with AppID and without AppID, like pattern matching?
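
One way to express the check asked about in the last question without disabling it or using loose pattern matching, shown as an added example (not code from the post or from the SAML library): parse the Destination or Recipient value and accept only the registered ACS URL, optionally carrying one allow-listed appid. The https scheme, root path, company id 12345, the app ids and the AcsUrlCheck/TryMatch names are assumptions; how the result is wired into the library's own checks is not shown.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web; // HttpUtility.ParseQueryString
public static class AcsUrlCheck
{
    // Constructed values (assumptions): the post gives no scheme or path and masks the company id.
    static readonly Uri BaseAcs = new Uri("https://idsvr.example.com/?companyid=12345");
    static readonly HashSet<string> KnownApps = new HashSet<string> { "app1", "app2" };
    // True when 'candidate' (a Destination or Recipient value) is the registered ACS URL,
    // optionally carrying exactly one allow-listed appid. appId stays null when none is present.
    public static bool TryMatch(string candidate, out string appId)
    {
        appId = null;
        if (!Uri.TryCreate(candidate, UriKind.Absolute, out Uri uri)) return false;
        // Scheme, host, port and path must be identical; no userinfo or fragment allowed.
        const UriComponents fixedParts = UriComponents.SchemeAndServer | UriComponents.Path;
        if (Uri.Compare(uri, BaseAcs, fixedParts, UriFormat.UriEscaped, StringComparison.Ordinal) != 0)
            return false;
        if (uri.UserInfo.Length != 0 || uri.Fragment.Length != 0) return false;
        var expected = HttpUtility.ParseQueryString(BaseAcs.Query);
        var actual = HttpUtility.ParseQueryString(uri.Query);
        string found = null;
        foreach (string key in actual.AllKeys)
        {
            string[] values = key == null ? null : actual.GetValues(key);
            if (values == null || values.Length != 1) return false;   // bare or repeated parameter
            if (key == "appid" && KnownApps.Contains(values[0])) found = values[0];
            else if (!expected.AllKeys.Contains(key) || expected[key] != values[0]) return false;
        }                                   // ^ unknown appid, extra parameter or altered value
        if (expected.AllKeys.Any(k => actual[k] == null)) return false; // companyid missing
        appId = found;
        return true;
    }

    public static void Main()
    {
        string[] samples = {                                          // constructed inputs
            "https://idsvr.example.com/?companyid=12345",
            "https://idsvr.example.com/?companyid=12345&appid=app1",
            "https://idsvr.example.com/?companyid=12345&appid=app9",
            "https://idsvr.example.com.other.test/?companyid=12345&appid=app1" };
        foreach (string s in samples)
        {
            bool ok = TryMatch(s, out string app);
            Console.WriteLine($"{ok,-5} appid={app ?? "-"} {s}");
        }
    }
}
```

The first two samples are accepted (the second yields app1); the unknown app id and the look-alike host are rejected. Destination and Recipient should each pass this check and be equal to one another.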