SAMLSPBroker
A federated organisation may have multiple distinct services (service providers) where each service is protected under a distinct trust domain. The same organisation may wish to trust multiple external & internal identity providers and allow the end user to select their preferred identity provider.
In order to support multiple services and multiple identity providers and possible multiple rules an Authentication Broker Service is required.
Properties
Example Configuration
{ "id": "broker", "alias": "broker", "name": "SAMLSPBroker", "displayName": "Broker", "configuration": { "sp": "https://myserver/saml/broker", "issueAsIDPID": "https://myserver/saml/idp", "pipeIDAssertionConsume": "pipeAssertionConsumer", "pipeIDAssertionProduce": "pipeAssertionProducer", "targetIDP": "https://external_idp/idp", "acsUrl": "https://myserver/saml/authenticate/broker", "entityID": "https://myserver/saml/broker", "addsignature": "false" } }
Requirements
A SAML Service Provider entity defined under Advanced->SAML Service Provider.