We are working with an SP that has two separate destinations within their application with different entity IDs, but they want the SAML assertion from SecurID to go to one URL.
The SP has requested that the SAML reply go to the same URL, with the same IdP entity ID, but they have 2 different entity IDs on their side, sending the user to different parts of their application. So, I set up 2 connections to accommodate the two destinations on their end: they have the same Identity Provider URL, use the same cert/key combo, same ACS, but different Audiences. One connection will work, but not both. And the connection that does work seems to flip-flop. Is that just something that SecurID doesn't like to do, or should it work?
May need to open a support case to dig into this more, but when you say "the same Identity Provider URL", do you mean the entire URL is identical? If so, I would recommend manually editing/overriding the Issuer Entity ID part for one of the two IdP configurations.
Hi Jay - I'm not sure I understand how the two entity IDs play into your scenario.
When you set up a SAML configuration on the SecurID IdP you describe where the IdP's assertion should be sent (ACS URL) and the SP's entity ID.
Maybe expand a bit on your question?
Thanks,
Ted