* Ganesh Arelly <
ganes...@gmail.com> [2021-11-22 14:11]:
> Thanks for the message Peter.
>
> Is there a way to do some custom authentication which would be triggered
> when these kinds of SP requests? With that in place, custom code would look
> for metadata only in specified folders thus no conflicting situations.
I thought SimpleSAMLphp is the SP and you're asking about 2 remote
IDPs? Either way, the answer remains the same: On the SAML level two
IDPs that use the same entityID are the same IDP. That's what entityID
means: It's the granularity to differentiate SAML entities.
No SAML implementation can tell two IDPs apart that use the same
entityID and have the same technical "properties" (protocol endpoints,
keys, e.g. as described in standard SAML 2.0 Metadata) -- not
SimpleSAMLphp, not some other implementation, not using custom code.
You'll need to look at those "enterprise applications" in "Azure" and
change things there (again, no idea what this means or entails),
that's the only place that matters -- at least when using SAML.
Maybe things look different when using a different protocol, e.g.
SimpleSAMLphp can also be used as an OIDC RP (I think).
-peter
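The point made above, that SAML can only tell IdPs apart by entityID plus the technical properties in their metadata, can be checked mechanically before an SP is configured. The script below is an added example, not code from this thread or from SimpleSAMLphp: it parses constructed IdP metadata documents (the entityIDs, endpoints and certificate values are placeholders) and reports every entityID claimed by more than one document, which is exactly the collision no SP can resolve.

```python
"""Flag SAML IdP metadata documents that share one entityID (constructed example)."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def parse_idp_metadata(xml_text):
    """Return (entityID, SSO endpoint locations, signing certs) for one EntityDescriptor."""
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")
    sso = {e.get("Location")
           for e in root.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS)}
    cert_path = "md:IDPSSODescriptor/md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    certs = {c.text.strip() for c in root.findall(cert_path, NS)}
    return entity_id, frozenset(sso), frozenset(certs)


def find_entity_id_collisions(metadata_docs):
    """Group parsed IdPs by entityID; return only entityIDs present in more than one document.

    Two entries under one entityID are one IdP as far as SAML is concerned, even if
    their endpoints or keys differ, so any key in the result needs fixing at the IdP side.
    """
    by_id = {}
    for doc in metadata_docs:
        eid, sso, certs = parse_idp_metadata(doc)
        by_id.setdefault(eid, []).append((sso, certs))
    return {eid: entries for eid, entries in by_id.items() if len(entries) > 1}


def _metadata(entity_id, sso_location, cert):
    """Build a minimal constructed IdP metadata document (placeholder values, not real tenant data)."""
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="{entity_id}">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{sso_location}"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


# Constructed sample: two "applications" published under the same entityID, plus one distinct IdP.
SAMPLE_DOCS = [
    _metadata("https://idp.example.test/shared", "https://idp.example.test/app-a/sso", "CERT-A-PLACEHOLDER"),
    _metadata("https://idp.example.test/shared", "https://idp.example.test/app-b/sso", "CERT-A-PLACEHOLDER"),
    _metadata("https://idp.example.test/other", "https://idp.example.test/app-c/sso", "CERT-C-PLACEHOLDER"),
]

if __name__ == "__main__":
    for eid, entries in find_entity_id_collisions(SAMPLE_DOCS).items():
        print(f"entityID {eid} is claimed by {len(entries)} metadata documents")
```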