user289931

Web application in different SSO federations

Is it possible to include one web application in several SSO federations?

Upvotes: 0

Views: 188

Answers (1)

Yes, at least in the SAML-P and WS-Federation protocols there is nothing that forbids this. A web application can inspect the incoming HTTP request (the URL and/or cookies), and use that to choose the STS to redirect to.

However, a specific SSO library/framework might have restrictions in this area.

For example, if your web application is in .NET based on WIF, then the WSFederationAuthenticationModule has exactly one Issuer, which is used for all sign-in requests. (This is usually set in the web.config file in the <wsFederation issuer="..."> attribute). It may be possible to override the CreateSignInRequest() method of this module, temporarily setting Issuer to a different value while the request is created (and applying the proper locking). But WIF was apparently not designed to support this multi-SSO-federation scenario.

Upvotes: 1
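The host-based STS selection described in the answer above, sketched for WS-Federation as an added example (not part of the original answer, and not WIF code). All host names, STS URLs, realms and function names are constructed placeholders, and the issuer passed to `issuer_matches` is assumed to come from a token whose signature has already been verified.

```python
from urllib.parse import urlencode

# Constructed table: every host, URL and realm here is a placeholder.
FEDERATIONS = {
    "app.partner-a.example": {
        "name": "partner-a",
        "sts": "https://sts.partner-a.example/ls/",
        "issuer": "http://sts.partner-a.example/trust",
        "realm": "https://app.partner-a.example/",
    },
    "app.partner-b.example": {
        "name": "partner-b",
        "sts": "https://login.partner-b.example/wsfed",
        "issuer": "https://login.partner-b.example/",
        "realm": "https://app.partner-b.example/",
    },
}


class UnknownFederation(Exception):
    """The request host is not mapped to any configured federation."""


def select_federation(host_header):
    # Normalise the Host header (drop port, case, trailing dot) and look it up
    # in the fixed table; the STS URL is never taken from request data.
    host = host_header.split(":")[0].strip().lower().rstrip(".")
    if host not in FEDERATIONS:
        raise UnknownFederation(host)
    return FEDERATIONS[host]


def build_signin_url(host_header, return_path):
    fed = select_federation(host_header)
    # Only same-site paths are carried in wctx, so the post-login redirect
    # cannot be pointed at another origin.
    if not return_path.startswith("/") or return_path[1:2] in ("/", "\\"):
        return_path = "/"
    wctx = urlencode({"fed": fed["name"], "ru": return_path})
    query = urlencode({"wa": "wsignin1.0", "wtrealm": fed["realm"], "wctx": wctx})
    return fed["sts"] + "?" + query


def issuer_matches(host_header, token_issuer):
    # A token from federation B must not be accepted on federation A's host.
    return select_federation(host_header)["issuer"] == token_issuer
```

The two checks that matter in a multi-federation setup are that an unmapped host is rejected instead of falling back to a default STS, and that the returned token's issuer is compared against the federation chosen for that host.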
