How to support multiple idp? #560
Comments
Interested due to #524
If you initialise a new There are some shortcomings with this approach, for example:
In my case, I couldn't use the metadata URL approach as my existing SAML implementation stored each IdP's certificate and entity ID on the server side, but not the metadata URL. It is possible to use this package without using The package doesn't seem to encourage this approach, so it is a rather convoluted workaround (I see feature requests like #552 which would make this easier). Here's how I (ab)use the package to work in this scenario:

```go
package main

import (
	"encoding/base64"
	"encoding/pem"
	"net/url"

	"github.com/crewjam/saml"
)

// mustParseURL is the small helper the snippet relies on (its body was not
// included in the comment); it panics on a malformed URL so configuration
// errors surface at startup rather than at the first login.
func mustParseURL(s string) *url.URL {
	u, err := url.Parse(s)
	if err != nil {
		panic(err)
	}
	return u
}

// parseResponse builds an IdP EntityDescriptor by hand from a stored PEM
// certificate and entity ID, instead of fetching IdP metadata from a URL.
// xmlres is the base64-decoded SAMLResponse; requestID is the ID of the
// AuthnRequest that was sent to this IdP.
func parseResponse(xmlres []byte, requestID string) (*saml.Assertion, error) {
	idpCertificate := "-----BEGIN CERTIFICATE-----\nABCDEF\n-----END CERTIFICATE-----"
	block, _ := pem.Decode([]byte(idpCertificate))
	entityID := "https://sts.windows.net/388aeae7-c30d-4117-9f1c-f0d87071cf2c/"
	sp := saml.ServiceProvider{
		MetadataURL: mustParseURL("https://sp.example.com/saml2/metadata"),
		AcsURL:      mustParseURL("https://sp.example.com/saml2/acs"),
		IDPMetadata: &saml.EntityDescriptor{
			EntityID: entityID,
			IDPSSODescriptors: []saml.IDPSSODescriptor{
				{
					SSODescriptor: saml.SSODescriptor{
						RoleDescriptor: saml.RoleDescriptor{
							KeyDescriptors: []saml.KeyDescriptor{
								{
									KeyInfo: saml.KeyInfo{
										X509Data: saml.X509Data{
											X509Certificates: []saml.X509Certificate{
												{
													// DER bytes re-encoded as base64, which is
													// what the metadata XML would have carried.
													Data: base64.StdEncoding.EncodeToString(block.Bytes),
												},
											},
										},
									},
								},
							},
						},
					},
				},
			},
		},
	}
	return sp.ParseXMLResponse(xmlres, []string{requestID})
}
```
Hi guys, is it possible to support multiple IdPs? My goal is to make it work with Azure AD and Google auth at the same time, and provide a unique ACS path to the IdP side, which means that at the IdP side it looks like one SAML SP. It can parse SAML assertions from Azure/Google on the same ACS path.
In the current implementation, it seems the SP is bound to one IdP's metadata. How can we expand this to multiple IdPs?
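The following is an added example, not code from this issue or from the crewjam/saml project, and it uses only the Go standard library. It shows the routing step a shared ACS endpoint needs when several IdPs post to one ACS URL: decode the POSTed SAMLResponse, read the Response's own Issuer, look that entity ID up in a registry built from the certificate and entity ID stored server-side (the same two inputs the workaround above feeds into IDPMetadata), and refuse anything whose issuer is unknown. The Issuer in the envelope is attacker-controlled until a signature has been verified, so it is only a lookup key: the selected IdP's certificate, and only that one, is what the subsequent verification must use, and the endpoint must never fall back to "try every IdP until one matches". The registry type, the self-signed certificate, the sample Response and the Google entity ID are constructed for this example; the Azure AD entity ID is the one quoted above.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"encoding/xml"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// IdP is one trusted identity provider, keyed by the entity ID it places in
// <saml:Issuer>. Cert is the signing certificate stored on the SP side.
type IdP struct {
	EntityID string
	Cert     *x509.Certificate
}

// Registry maps issuer entity IDs to IdP configuration (hypothetical type).
type Registry map[string]*IdP

// Register parses a PEM certificate and stores it under the entity ID, so a
// bad certificate is rejected at configuration time, not at login time.
func (r Registry) Register(entityID, certPEM string) error {
	block, _ := pem.Decode([]byte(certPEM))
	if block == nil || block.Type != "CERTIFICATE" {
		return fmt.Errorf("idp %q: no CERTIFICATE block in PEM", entityID)
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return fmt.Errorf("idp %q: %w", entityID, err)
	}
	r[entityID] = &IdP{EntityID: entityID, Cert: cert}
	return nil
}

// responseEnvelope matches only what routing needs: the Response's own
// Issuer (a direct child of samlp:Response, not the Assertion's Issuer).
type responseEnvelope struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"`
	Issuer  string   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
}

// IssuerOf decodes the SAMLResponse form value and returns the claimed issuer
// plus the raw XML. The issuer is untrusted input: a lookup key, not proof.
func IssuerOf(samlResponseB64 string) (issuer string, raw []byte, err error) {
	raw, err = base64.StdEncoding.DecodeString(samlResponseB64)
	if err != nil {
		return "", nil, fmt.Errorf("SAMLResponse is not base64: %w", err)
	}
	var env responseEnvelope
	if err := xml.Unmarshal(raw, &env); err != nil {
		return "", nil, fmt.Errorf("SAMLResponse is not a samlp:Response: %w", err)
	}
	if env.Issuer == "" {
		return "", nil, errors.New("samlp:Response carries no Issuer")
	}
	return env.Issuer, raw, nil
}

// Select returns the IdP a SAMLResponse claims to come from, or an error if
// the issuer is unknown. The caller then verifies raw against that IdP only.
func (r Registry) Select(samlResponseB64 string) (*IdP, []byte, error) {
	issuer, raw, err := IssuerOf(samlResponseB64)
	if err != nil {
		return nil, nil, err
	}
	idp, ok := r[issuer]
	if !ok {
		return nil, nil, fmt.Errorf("unknown issuer %q: refusing to verify", issuer)
	}
	return idp, raw, nil
}

// selfSignedPEM makes a throwaway certificate so the example runs offline
// (constructed sample; a deployment stores the IdP's real signing cert).
func selfSignedPEM(cn string) string {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

// sampleResponse builds a minimal unsigned samlp:Response (constructed for
// this example) with the given issuer, base64-encoded as a browser POSTs it.
func sampleResponse(issuer string) string {
	x := `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"` +
		` xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"` +
		` IssueInstant="2024-01-01T00:00:00Z" Destination="https://sp.example.com/saml2/acs">` +
		`<saml:Issuer>` + issuer + `</saml:Issuer>` +
		`<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>` +
		`</samlp:Response>`
	return base64.StdEncoding.EncodeToString([]byte(x))
}

func main() {
	azure := "https://sts.windows.net/388aeae7-c30d-4117-9f1c-f0d87071cf2c/"
	google := "https://accounts.google.com/o/saml2?idpid=PLACEHOLDER" // hypothetical
	reg := Registry{}
	for _, id := range []string{azure, google} {
		if err := reg.Register(id, selfSignedPEM(id)); err != nil {
			panic(err)
		}
	}
	for _, issuer := range []string{azure, google, "https://idp.evil.example/"} {
		idp, _, err := reg.Select(sampleResponse(issuer))
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("route to", idp.EntityID, "and verify with cert CN", idp.Cert.Subject.CommonName)
	}
}
```

With crewjam/saml, keep one `saml.ServiceProvider` per registered IdP (same `EntityID`, `MetadataURL` and `AcsURL` on each, so every IdP sees a single SP, and that IdP's certificate in `IDPMetadata` as in the workaround above), and after `Select` returns call that provider's `ParseXMLResponse(raw, possibleRequestIDs)`, where `possibleRequestIDs` holds only the AuthnRequest IDs you issued to that IdP. If an IdP omits the Response-level Issuer, the Assertion's Issuer is the next routing key, and it is just as untrusted until the signature check passes.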