I am setting up my site as an identity provider and I need to give the third-party service provider (via an XML metadata file) what the "Single Sign-On Service Url" is to receive SAML authn requests. My issue is that this site has multiple environments -- site.dev.com, site.stage.com, and finally site.com for the production site. Is it possible to have all of these paths set up for the same identity provider? Since I am doing SP-initiated SSO, maybe the service provider knows the base path?
Single Sign-On Service Url For Different Environments
679 views. Asked by Will Laine
There are 2 answers
codebrane
If the environments are physically separate, you would have an entityID for each one. An entityID is just a URN for your IdP. Some examples could be:
site.dev.com entityID = https://site.dev.com/saml/sp
site.stage.com entityID = https://site.stage.com/saml/sp
site.com entityID = https://your.service.url/saml/sp
Each entityID would have its own SAML metadata document and you would give the SP each document. So the SP would know there are 3 IdPs and it would know the URLs for each one, from their corresponding metadata document.
I'm not sure how the SP would know the base path to your IdP's single sign-on service. If you have three different single sign-on service URLs for your three environments, the SP will have to know the absolute URL of each.
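Both answers come down to one metadata document per environment, each carrying its own entityID and an absolute Single Sign-On Service URL. The sketch below is an added example, not code from either answerer: it builds the three documents and runs the kind of sanity check an SP could apply before importing them. The `/saml/idp` and `/saml/sso` paths, the function names, and the rule that the endpoint host must match the entityID host are assumptions made for illustration; the host rule is a local policy, not a SAML requirement.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
ET.register_namespace("md", MD_NS)

# Hosts from the question; the /saml/idp and /saml/sso paths are assumptions.
ENVIRONMENTS = {"dev": "site.dev.com", "stage": "site.stage.com", "prod": "site.com"}


def build_idp_metadata(host):
    """Return one IdP metadata document (XML string) for one environment."""
    entity = ET.Element(f"{{{MD_NS}}}EntityDescriptor",
                        {"entityID": f"https://{host}/saml/idp"})
    idp = ET.SubElement(entity, f"{{{MD_NS}}}IDPSSODescriptor",
                        {"protocolSupportEnumeration": PROTOCOL})
    # A real document also carries a <md:KeyDescriptor use="signing"> with that
    # environment's own certificate; omitted so the example runs offline.
    ET.SubElement(idp, f"{{{MD_NS}}}SingleSignOnService",
                  {"Binding": REDIRECT, "Location": f"https://{host}/saml/sso"})
    return ET.tostring(entity, encoding="unicode")


def check_metadata(xml_text):
    """Return the problems an SP could flag before trusting the document."""
    # Parses documents built above; use a hardened parser for untrusted input.
    root = ET.fromstring(xml_text)
    entity_host = urlsplit(root.get("entityID", "")).hostname
    problems = []
    endpoints = root.findall(f".//{{{MD_NS}}}SingleSignOnService")
    if not endpoints:
        problems.append("no SingleSignOnService endpoint")
    for sso in endpoints:
        loc = urlsplit(sso.get("Location", ""))
        if loc.scheme != "https" or not loc.hostname:
            problems.append(f"not an absolute https URL: {sso.get('Location')}")
        elif loc.hostname != entity_host:  # assumed policy: no cross-environment endpoints
            problems.append(f"endpoint host {loc.hostname} != entityID host {entity_host}")
    return problems


def metadata_by_environment():
    """Build one metadata document per environment, keyed by environment name."""
    return {name: build_idp_metadata(host) for name, host in ENVIRONMENTS.items()}
```

The check rejects a relative `Location` such as `/saml/sso`, which is the "maybe the SP knows the base path" case from the question, and it flags a production document whose endpoint points at the dev host.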