Sheik797

Reputation: 535

SSO-SAML: Logging into IdP from service provider

SP is an app which has its own auth mechanism and local identities; users can log in directly.

Is there a way the SP can notify the IdP about the logged-in user so that other SPs are logged in from the IdP (Salesforce)?

[SP1 (u1 logged in using sp1 database)] -> [idp (u1)]

[SP2 ] ---login req--> [idp(u1)] -> [SP2 (u1)]

The problem is that SP1 has a set of users which is not part of the IdP and the other SPs.

SP = Service provider

IDP = Identity provider

Upvotes: 0

Views: 79

Answers (1)

Zeigeist

Reputation: 4015

Not possible in the SAML protocol. Local identities at an SP cannot federate across the IdP or other SPs.

In order to federate the identities, the IdP has to receive the AuthnRequest from the SP (in the case of SP-initiated SSO), authenticate at the IdP and send the assertion to the SP. Thereby, the IdP can only federate identities across SPs.

Upvotes: 1
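The SP-initiated flow the answer describes, modelled as an added example (not code from the question, the answer, or any SAML library): the SP builds an AuthnRequest carrying only its own entity ID, the IdP authenticates the user against the IdP's own user store and answers with a Response, and the SP accepts a NameID only if the Response answers its request, comes from the trusted IdP, names the SP as audience and is still valid. The entity IDs, the `idp_users` dict and the plaintext credential check are constructed for illustration; XML signature verification is omitted here, and a real SP must verify the IdP's signature on the Response or Assertion before trusting anything in it. The point the answer makes falls out directly: a user such as `u1` who exists only in SP1's local database is unknown to the IdP, so the IdP reports `AuthnFailed` and SP2 never receives an assertion for that user.

```python
"""Toy model of SAML 2.0 SP-initiated SSO (illustration only, no signatures)."""
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
STATUS_AUTHN_FAILED = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NS = {"samlp": SAMLP, "saml": SAML}
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)
TS = "%Y-%m-%dT%H:%M:%SZ"


def _now():
    return datetime.now(timezone.utc)


def build_authn_request(sp_entity_id, acs_url):
    """SP side: build an AuthnRequest. Returns (request_id, xml_bytes).
    It identifies the SP, never an SP-local user: the IdP decides who the user is."""
    req_id = "_" + secrets.token_hex(16)
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": req_id, "Version": "2.0", "IssueInstant": _now().strftime(TS),
        "AssertionConsumerServiceURL": acs_url})
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = sp_entity_id
    return req_id, ET.tostring(root)


def idp_issue_response(request_xml, idp_entity_id, idp_users, username, password):
    """IdP side: authenticate against the IdP's OWN store (constructed dict) and
    answer the AuthnRequest. Users known only to some SP's local database are
    not in this store, so no assertion is ever issued for them."""
    req = ET.fromstring(request_xml)
    sp_entity_id = req.find("saml:Issuer", NS).text
    resp = ET.Element(f"{{{SAMLP}}}Response", {
        "ID": "_" + secrets.token_hex(16), "Version": "2.0",
        "IssueInstant": _now().strftime(TS), "InResponseTo": req.get("ID"),
        "Destination": req.get("AssertionConsumerServiceURL")})
    ET.SubElement(resp, f"{{{SAML}}}Issuer").text = idp_entity_id
    status = ET.SubElement(ET.SubElement(resp, f"{{{SAMLP}}}Status"),
                           f"{{{SAMLP}}}StatusCode")
    stored = idp_users.get(username)
    if stored is None or not secrets.compare_digest(stored, password):
        status.set("Value", STATUS_AUTHN_FAILED)  # unknown or wrong credentials
        return ET.tostring(resp)
    status.set("Value", STATUS_SUCCESS)
    assertion = ET.SubElement(resp, f"{{{SAML}}}Assertion", {
        "ID": "_" + secrets.token_hex(16), "Version": "2.0",
        "IssueInstant": _now().strftime(TS)})
    ET.SubElement(assertion, f"{{{SAML}}}Issuer").text = idp_entity_id
    subject = ET.SubElement(assertion, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID",
                  {"Format": NAMEID_UNSPECIFIED}).text = username
    conds = ET.SubElement(assertion, f"{{{SAML}}}Conditions", {
        "NotBefore": _now().strftime(TS),
        "NotOnOrAfter": (_now() + timedelta(minutes=5)).strftime(TS)})
    aud = ET.SubElement(conds, f"{{{SAML}}}AudienceRestriction")
    ET.SubElement(aud, f"{{{SAML}}}Audience").text = sp_entity_id  # bound to requesting SP
    return ET.tostring(resp)


def sp_consume_response(response_xml, expected_request_id, sp_entity_id, trusted_idp):
    """SP side: accept the assertion only if it answers our request, was issued
    by the trusted IdP, names this SP as audience and has not expired.
    Returns the federated NameID, or None when the IdP reported a failure.
    (Signature verification deliberately omitted in this toy.)"""
    resp = ET.fromstring(response_xml)
    if resp.get("InResponseTo") != expected_request_id:
        raise ValueError("response does not answer our AuthnRequest")
    if resp.find("saml:Issuer", NS).text != trusted_idp:
        raise ValueError("response not issued by the trusted IdP")
    if resp.find("samlp:Status/samlp:StatusCode", NS).get("Value") != STATUS_SUCCESS:
        return None
    assertion = resp.find("saml:Assertion", NS)
    conds = assertion.find("saml:Conditions", NS)
    expiry = datetime.strptime(conds.get("NotOnOrAfter"), TS).replace(tzinfo=timezone.utc)
    if _now() >= expiry:
        raise ValueError("assertion expired")
    if conds.find("saml:AudienceRestriction/saml:Audience", NS).text != sp_entity_id:
        raise ValueError("assertion not intended for this SP")
    return assertion.find("saml:Subject/saml:NameID", NS).text


def federated_login(idp_users, username, password,
                    sp="https://sp2.example/metadata", idp="https://idp.example/metadata"):
    """Run one complete SP-initiated exchange between SP2 and the IdP."""
    req_id, req = build_authn_request(sp, sp + "/acs")
    resp = idp_issue_response(req, idp, idp_users, username, password)
    return sp_consume_response(resp, req_id, sp, idp)


if __name__ == "__main__":
    idp_store = {"u2": "pw-u2"}           # constructed: u1 exists only in SP1's local DB
    print(federated_login(idp_store, "u2", "pw-u2"))   # u2
    print(federated_login(idp_store, "u1", "pw-u1"))   # None: IdP cannot assert u1
```

The `InResponseTo`, issuer, audience and expiry checks in `sp_consume_response` are the minimum an SP needs even after signature verification; dropping the audience check, for example, lets an assertion issued for one SP be replayed at another.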
