Using multiple SAML Identity Providers


Though you should usually have a single Identity Provider, Softadmin® can support two SAML Identity Providers by using the settings SingleSignOnSamlMetadataUrl and SingleSignOnSamlSecondaryMetadataUrl. Your SingleSignOnLoginProcedure (SAML) will need to look at the Issuer in the SAML assertion to know which IdP a user belongs to, and it should match the Issuer exactly against the entityIDs of the two configured IdPs. Keep users from the two IdPs apart when looking them up: the same NameID may exist at both IdPs and then identifies two different people.
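The Issuer check described above, as an added example that is not part of Softadmin® or this page. It assumes two example entityIDs (the IdPs whose metadata SingleSignOnSamlMetadataUrl and SingleSignOnSamlSecondaryMetadataUrl point at) and two made-up IdP labels; the function names resolveIdp and identityFor are hypothetical, and the logic is shown in JavaScript only to illustrate what the login procedure has to decide once the platform has validated the assertion.

```javascript
// Added example, not Softadmin code. Exact-match routing of a validated SAML
// assertion to one of two IdPs by its Issuer. The entityIDs and labels below
// are assumed example values.
const KNOWN_ISSUERS = new Map([
  ['https://idp-a.example.com/saml/metadata', 'primary'],
  ['https://idp-b.example.com/saml/metadata', 'secondary'],
]);

// Returns the IdP label for an Issuer value, or null if it is not one of ours.
// Exact string comparison only: prefix or substring matching would let an
// issuer such as "https://idp-a.example.com.attacker.example" through.
function resolveIdp(issuer) {
  if (typeof issuer !== 'string') return null;
  return KNOWN_ISSUERS.get(issuer.trim()) || null;
}

// Builds the key the login procedure should look the user up by. The NameID
// is qualified with the IdP label so that the same NameID arriving from the
// two different IdPs can never collapse into one account.
function identityFor(issuer, nameId) {
  const idp = resolveIdp(issuer);
  if (idp === null) {
    throw new Error('Assertion from unknown issuer: ' + issuer);
  }
  if (typeof nameId !== 'string' || nameId.length === 0) {
    throw new Error('Assertion without NameID');
  }
  return { idp: idp, key: idp + ':' + nameId };
}
```

Rejecting an unknown Issuer outright, rather than falling back to a default IdP, is the point: an assertion that was signed by neither configured IdP has no business logging anyone in.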

When Sign-in is initiated from the IdP

In this case users log in by choosing the Softadmin®-system from their list of applications in the IdP's dashboard. Regardless of whether you use one or more IdPs you will need to set SingleSignOnSamlAllowUnsolicitedResponses to 1. Note that an unsolicited response has no AuthnRequest to be matched against, so the InResponseTo check that ties a response to a request your system actually sent cannot be applied to it; leave the setting at its default unless you need IdP-initiated sign-in.

When Sign-in is initiated from the Softadmin®-system

Set SingleSignOnSamlPortalUrl to the URL of an external portal page where users can choose which IdP to use.

The portal page should then forward the user to the Softadmin®-system's LoginSaml.aspx page. It should forward the entire query string it received unchanged and append a parameter idp={identifier of the chosen IdP}.

For example:

function redirectToIdP(idp) {
    // Forward the whole query string the portal page was called with ...
    var qs = new URLSearchParams(document.location.search);
    // ... and add the chosen IdP. set() rather than append() so a stale
    // idp= value in the forwarded query string cannot leave two values.
    qs.set('idp', idp);
    document.location.href = 'https://softadmin.example.com/LoginSaml.aspx?' + qs;
}
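The same portal logic as a pure function that can be tested outside a browser, as an added example that is not part of Softadmin® or this page. It assumes the example host softadmin.example.com, two made-up IdP identifiers that the portal offers, and the hypothetical function name buildLoginSamlUrl; the query strings it is exercised with are constructed.

```javascript
// Added example, not Softadmin code. Builds the LoginSaml.aspx redirect URL
// from the portal page's own query string and the IdP the user picked.
// The base URL and the IdP identifiers are assumed example values.
const LOGIN_SAML_URL = 'https://softadmin.example.com/LoginSaml.aspx';
const KNOWN_IDPS = ['primary', 'secondary'];

// search: the portal page's query string (document.location.search),
//         forwarded unchanged so Softadmin gets back whatever it sent along.
// idp:    the identifier of the IdP chosen in the portal's list.
function buildLoginSamlUrl(search, idp) {
  // Only identifiers the portal actually offers may be forwarded.
  if (KNOWN_IDPS.indexOf(idp) === -1) {
    throw new Error('Unknown IdP: ' + idp);
  }
  const qs = new URLSearchParams(search);
  // set() rather than append(): a stale idp= in the forwarded query string
  // must not leave two values for LoginSaml.aspx to choose between.
  qs.set('idp', idp);
  return LOGIN_SAML_URL + '?' + qs.toString();
}

// In the browser the portal's IdP picker would do:
//   document.location.href = buildLoginSamlUrl(document.location.search, choice);
```

The allow-list matters because the idp value ends up steering which IdP metadata the system uses for the sign-in; the portal should only ever forward identifiers it presented to the user.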