My company purchased ComponentSpace recently and we succeeded in implementing SP-initiated SSO for our applications.
Our current configuration is the following:
- the app has a saml.config file at its root. This config file contains one ServiceProvider and two PartnerIdentityProviders
- following the examples, we switch between the two IdPs using a key stored in the web.config file
- the first IdP is only for testing, but for convenience we keep it in the application in case it is needed. The real IdP that will be used is the second
Our issue is the following:
- our second IdP is Google, which needs to know the exact ACS URL. So the ACS URL of the ServiceProvider in the config file must match the one stored in the IdP. No problem here, it works
- for security reasons, we have two domains for our app: one is public and external members can access it from the internet, the other is internal and only company members can access it from the local network
- so we need two ACS URLs, depending on the domain; our security policy forces us to. But Google as an IdP accepts only one
- our idea is to configure two SAML apps in Google: one for external and one for internal. This means we have to switch between two SP configurations in the app before the first SSO call
That's where I run into some trouble. I admit I am new to SAML configuration and may have misunderstood some points.
1 - Is it possible to have two SPs in the saml.config file (as PartnerServiceProvider?) and switch between them? If yes, how do I do it programmatically? (SP-initiated SSO)
2 - If not, I tried having two saml.config files, stored in a folder other than the root. I tried the code below, but the SSO still tries to load the saml.config file from the root. Is there something I'm doing wrong?
string path = "somepath";
SAMLServiceProvider.InitiateSSO(Response, null, partnerIdP);
3 - Is there another solution?
Please let me know if my explanation isn't clear enough; any help would be greatly appreciated.
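One way to select between two SP configurations per host before the first SSO call, as an added example that is not code from the question and not ComponentSpace's own sample code. It assumes ComponentSpace SAML v2.0 for ASP.NET (.NET Framework) with a single saml.config at the application root that wraps two SAMLConfiguration elements (IDs "public" and "internal", each with its own ServiceProvider and AssertionConsumerServiceUrl), a web.config appSettings key "PartnerIdP" as in the question, and two hypothetical host names. The SAMLController.ConfigurationID property and SAMLServiceProvider.InitiateSSO signature are used as I remember them from the library; verify them against the reference documentation for the version you have.

```csharp
// Added example; not from the question and not ComponentSpace's own code.
// Assumptions: ComponentSpace SAML v2.0 for ASP.NET (.NET Framework); saml.config
// holds <SAMLConfiguration ID="public"> and <SAMLConfiguration ID="internal">;
// web.config has an appSettings key "PartnerIdP"; the two host names are hypothetical.
// SAMLController.ConfigurationID and SAMLServiceProvider.InitiateSSO are assumed
// to exist with the members/signature shown; check the library's reference docs.
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Configuration;
using ComponentSpace.SAML2;

public static class SsoInitiator
{
    // Fixed allow-list from expected request host to configuration ID.
    // The Host header is attacker-controlled, so it is only ever used as a lookup
    // key here; it is never echoed into an ACS URL or any other SAML field. An
    // unknown host is rejected instead of being mapped to a default configuration.
    private static readonly IDictionary<string, string> HostToConfigurationId =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "app.example.com",  "public"   }, // hypothetical internet-facing host
            { "app.corp.example", "internal" }, // hypothetical intranet host
        };

    // Returns the configuration ID for a known host, or throws 400 for anything else.
    public static string ResolveConfigurationId(string requestHost)
    {
        string configurationId;
        if (!string.IsNullOrEmpty(requestHost) &&
            HostToConfigurationId.TryGetValue(requestHost, out configurationId))
        {
            return configurationId;
        }
        throw new HttpException(400, "Unknown host; refusing to start SSO.");
    }

    // Call this from the login page instead of calling InitiateSSO directly.
    // The configuration must be selected on every request that touches SAML,
    // because the static ConfigurationID is per request, not remembered.
    public static void StartSso(HttpRequest request, HttpResponse response, string relayState)
    {
        // request.Url.Host is derived from the Host header, hence the allow-list above.
        SAMLController.ConfigurationID = ResolveConfigurationId(request.Url.Host);

        // Same IdP switch the question already uses (web.config key).
        string partnerIdP = WebConfigurationManager.AppSettings["PartnerIdP"];

        // The library now reads the ServiceProvider (and its ACS URL) from the
        // selected <SAMLConfiguration>, so the AuthnRequest carries the ACS URL that
        // matches the Google SAML app registered for this host.
        SAMLServiceProvider.InitiateSSO(response, relayState, partnerIdP);
    }
}
```

The same ResolveConfigurationId lookup has to run in the ACS page before the response is received, since the library validates the incoming assertion against the configuration that is current for that request; if the public and internal ACS pages are the same code, deriving the ID from the host there too keeps the two Google apps from being mixed up. Keeping one saml.config with two configuration IDs also sidesteps question 2: nothing in the snippet shown passes the alternative path to the library, which is why it keeps loading the root saml.config.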