We have a server that is going to have different web applications for different clients.
I need to be able to secure one web app with one IdP, and another web app with a different IdP. Such as below:
"my.host.com/webapp1" with thier.IdP.com
"my.host.com/webapp2" with thier.IdP2.com
How do I configure this? I'm assuming I need to do something in my shibboleth2.xml. But I'm confused where I'm supposed to secure one path and tie it to one IdP.
I think it's implied, but these are 2 different customers and there should be no sort of cross talk (i.e. using one IdP doesn't allow you to get into the other web app, and vice versa).
Your shibboleth2.xml should contain references to multiple IdPs, probably through ApplicationOverride stanzas.
Your Apache HTTPD configuration should direct the user to the correct Shibboleth EntityId based on path. For example:
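The path-to-application mapping described in the answer, as an added example that is not part of the original post. The application ids, SP entityIDs, metadata file names and the IdP entityID placeholders are assumptions; the shibboleth2.xml side is shown as comments so the two files can be read together.

```apache
# Added example (assumed names throughout). Each applicationId below must match
# an <ApplicationOverride id="..."> in shibboleth2.xml, assumed to look like:
#
#   <ApplicationOverride id="webapp1"
#                        entityID="https://my.host.com/webapp1/sp">
#     <!-- handlerURL sits under the protected path so that SSO responses
#          for this customer are processed as application "webapp1" -->
#     <Sessions lifetime="28800" timeout="3600"
#               handlerURL="/webapp1/Shibboleth.sso">
#       <SSO entityID="IDP1_ENTITY_ID_PLACEHOLDER">SAML2</SSO>
#     </Sessions>
#     <!-- load only this customer's IdP metadata in this override -->
#     <MetadataProvider type="XML" path="idp1-metadata.xml"/>
#   </ApplicationOverride>
#
# plus a second override with id="webapp2", handlerURL="/webapp2/Shibboleth.sso",
# IDP2_ENTITY_ID_PLACEHOLDER and idp2-metadata.xml.

<Location /webapp1>
    AuthType shibboleth
    # Select the override; this also covers /webapp1/Shibboleth.sso
    ShibRequestSetting applicationId webapp1
    ShibRequestSetting requireSession true
    # Apache 2.4 syntax; on Apache 2.2 use "Require valid-user"
    Require shib-session
</Location>

<Location /webapp2>
    AuthType shibboleth
    ShibRequestSetting applicationId webapp2
    ShibRequestSetting requireSession true
    Require shib-session
</Location>
```

To check the separation asked for in the question, sign in at /webapp1 and then request /webapp2 in the same browser: the second request should redirect to the second IdP rather than reuse the first session.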