Support Multiple SSO Relying Parties With The Same Identifier

Problem

You need to configure multiple Relying Parties within the Identity Provider Configuration Editor using the same "Identifier" or "Service ID". 

Solution

Enable the "Allow Duplicate SAML/WS-Fed/CAS Identifiers" feature within the Identity Provider Configuration Editor and ensure each configuration uses an ACL that does not overlap with any other configuration sharing that identifier.

  1. Navigate to the PortalGuard server and open the Identity Provider Configuration Editor.

  2. Click on the 'General IdP Settings' button.

  3. Navigate to the Response tab.

  4. Check the box to enable the "Allow Duplicate SAML/WS-Fed/CAS Identifiers?" feature.

  5. Click the 'Save' button.

  6. From the main screen of the Identity Provider Configuration Editor, navigate to the appropriate tab for the integration type to duplicate (e.g. SAML Websites or CAS Websites).

    • IMPORTANT NOTE: If you have not already configured the initial integration, you will need to do that first.

  7. Select the initial configuration and click the 'Edit' button. 

  8. Navigate to the Authorization tab.

  9. Use the 'Add' button here to define an ACL that covers all users, groups, and OUs that should have access to this integration.

    • Reminder: This ACL must not overlap with the ACL of the 'duplicate' configuration, or users in the overlap will not be able to access either. The two ACLs must be mutually exclusive.

  10. Navigate to the General tab and copy the current identifier to your clipboard.

    • You can double-click the entry to edit it, which also allows the value to be copied.

  11. Click the 'Save' button. 

  12. Ensure the initial configuration is selected and click the 'Copy' button. 

  13. Navigate to the Authorization tab and configure the ACL similar to step #9 above. 

    • Reminder: This ACL must not overlap with the ACL of the 'initial' configuration, or users in the overlap will not be able to access either. The two ACLs must be mutually exclusive.

  14. Navigate to the General tab.

  15. Fill in the 'Name' and 'Description' fields.

  16. Click the 'Add' button next to the 'Identifiers' input and paste in the value copied from step #10.

  17. Click the 'Save' button.

  18. Click the 'Apply to Identity Provider' button to save and enable these new configurations.

  19. Click the 'Sync' button.
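The mutual-exclusion requirement in steps 9 and 13 is easy to get wrong once more than two configurations share an identifier. The following added example (not PortalGuard's own code or configuration format) checks a constructed list of Relying Party configurations and reports every pair that shares an identifier while also sharing an ACL entry; the config records, identifier values and ACL entries are made up for illustration.

```python
"""Check that Relying Party configs sharing an identifier use disjoint ACLs.
Added example: the record layout and ACL entry strings are constructed here
and are not PortalGuard's real configuration format."""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample: each config has a name, its identifiers, and the ACL
# entries (users, groups, OUs) granted on its Authorization tab.
SAMPLE_CONFIGS = [
    {"name": "App-Staff", "identifiers": ["https://app.example.com/sp"],
     "acl": {"group:Staff", "ou:Corporate"}},
    {"name": "App-Students", "identifiers": ["https://app.example.com/sp"],
     "acl": {"group:Students"}},
    {"name": "App-Contractors", "identifiers": ["https://app.example.com/sp"],
     "acl": {"group:Contractors", "ou:Corporate"}},  # overlaps App-Staff on ou:Corporate
    {"name": "Other", "identifiers": ["https://other.example.com/sp"],
     "acl": {"group:Staff"}},  # unique identifier, so no constraint applies
]


def find_acl_overlaps(configs: List[dict]) -> List[Tuple[str, str, str, Set[str]]]:
    """Return (identifier, config_a, config_b, shared_entries) for each pair of
    configs that share an identifier and whose ACL entries intersect.
    An empty result means every duplicated identifier is cleanly partitioned."""
    by_identifier: Dict[str, List[dict]] = defaultdict(list)
    for cfg in configs:
        for ident in cfg["identifiers"]:
            by_identifier[ident].append(cfg)

    problems = []
    for ident, group in by_identifier.items():
        # Only configs that share this identifier need to be compared.
        for i, a in enumerate(group):
            for b in group[i + 1:]:
                shared = a["acl"] & b["acl"]
                if shared:
                    problems.append((ident, a["name"], b["name"], shared))
    return problems


if __name__ == "__main__":
    for ident, a, b, shared in find_acl_overlaps(SAMPLE_CONFIGS):
        print(f"{ident}: '{a}' and '{b}' both grant {sorted(shared)}; "
              f"users matching those entries can reach neither")
```

The check compares ACL entries as literal strings, so a user who is reachable through two different entries (for example a group inside an OU) is not detected; resolving that requires directory membership data this example does not have.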