Shibboleth - Auto Choose from multiple IdP based on URL for single SP

Submitted by 霸气de小男生 on 2019-12-25 05:13:47

Question


We are using the Shibboleth Service Provider for our application. We have installed the SP on our local machine. Now I need to configure it for multiple IdPs depending on the URL. Example: we have two hosts, one.sample.com and two.sample.com, both pointing to the same machine, so the same SP.

So I want to configure the SP in such a way that when one.sample.com is hit, it authenticates the user using https://testshib.com/idp, and when two.sample.com is hit, it authenticates the user with another IdP.

It should not ask me to choose the IdP. It should automatically identify the IdP based on the host URL.

Thanks


Answer 1:


You can use the <RequestMap> element in the shibboleth2.xml file.

More details can be found here.

<RequestMap applicationId="default">
    <Host name="www.example.org">
        <Path name="secure" authType="shibboleth" requireSession="true"/>
    </Host>
    <Host name="admin.example.org" applicationId="admin" authType="shibboleth" requireSession="true">
        <AccessControl>
            <Rule require="affiliation">faculty@osu.edu student@osu.edu</Rule>
        </AccessControl>
    </Host>
</RequestMap>

The above example is taken directly from the Shibboleth wiki link I provided above.

You can ignore the AccessControl tag if you want and map Host and Path directly. So for your example, you will need to create two applications and map the two hosts to the applications. If you don't provide an applicationId, then it will take ApplicationDefault as the application.

How to provide multiple applications can be found here.
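
The two-application mapping the answer describes, written out for the two hosts in the question. This is an added example, not part of the original answer or the Shibboleth wiki. It assumes the `<SSO>` syntax of SP 2.4 and later; the application ids, SP entityIDs, metadata file names and the second IdP's entityID are placeholders.

```xml
<!-- Added example: fragments of shibboleth2.xml, not a complete file.
     Ids, entityIDs and metadata file names are placeholders. -->

<RequestMapper type="Native">
    <RequestMap applicationId="default">
        <!-- Each virtual host is bound to its own application. -->
        <Host name="one.sample.com" applicationId="one"
              authType="shibboleth" requireSession="true"/>
        <Host name="two.sample.com" applicationId="two"
              authType="shibboleth" requireSession="true"/>
    </RequestMap>
</RequestMapper>

<ApplicationDefaults entityID="https://sp.sample.com/shibboleth">
    <!-- The existing default Sessions, Errors, AttributeExtractor,
         CredentialResolver and related elements stay here. -->

    <ApplicationOverride id="one" entityID="https://one.sample.com/shibboleth">
        <Sessions lifetime="28800" timeout="3600" checkAddress="false"
                  handlerSSL="true" cookieProps="https">
            <!-- Fixed entityID and no discoveryURL: the user is sent
                 straight to this IdP and never sees a chooser. -->
            <SSO entityID="https://testshib.com/idp">SAML2</SSO>
        </Sessions>
        <!-- Metadata for this application's IdP. -->
        <MetadataProvider type="XML" path="idp-one-metadata.xml"/>
    </ApplicationOverride>

    <ApplicationOverride id="two" entityID="https://two.sample.com/shibboleth">
        <Sessions lifetime="28800" timeout="3600" checkAddress="false"
                  handlerSSL="true" cookieProps="https">
            <SSO entityID="https://idp.two.example/idp">SAML2</SSO>
        </Sessions>
        <MetadataProvider type="XML" path="idp-two-metadata.xml"/>
    </ApplicationOverride>
</ApplicationDefaults>
```

The `entityID` on `<SSO>` only decides where login requests are sent; which IdPs an application will accept assertions from is decided by the metadata loaded for it, so check that each host's application trusts only the IdP intended for it.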



Source: https://stackoverflow.com/questions/42688627/shibboleth-auto-choose-from-multiple-idp-based-on-url-for-single-sp
