to SimpleSAMLphp
Current system's SSO problem

• The system will have multiple customers
  ◦ The login URL will have the pattern `{base_url}/{customer}/login` (there will be a "Login with Azure AD" button)
  ◦ Each customer will register a separate Enterprise Azure AD application (Entra ID)
  ◦ This means that the IDP metadata file will also be different for each customer (configured in the saml20-idp-remote.php file)
• The system will be 1 SP - n IDPs
  ◦ Which IDP is loaded will be based on the login URL, to determine which customer's IDP metadata to load

=> Is there a solution for loading IDP metadata at runtime, that is, when accessing the login page, to know which IDP's metadata to pick when clicking the "Login with Azure AD" button?
Tim van Dijen
Feb 7, 2024, 6:06:11 AM
Hi,
You probably have some code like this in your application:
```
$auth = new \SimpleSAML\Auth\Simple('default-sp');
$auth->requireAuth();
```
You can pass the IDP with this command:
```
$auth = new \SimpleSAML\Auth\Simple('default-sp');
$auth->requireAuth(['saml:idp' => '<entityID>']);
```
-- Tim
On Wednesday, February 7, 2024 at 09:16:20 UTC+1, min...@nal.vn wrote:
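Putting Tim's `saml:idp` parameter together with the `{base_url}/{customer}/login` URL pattern from the question, here is an added example (not code from this thread or from the SimpleSAMLphp project) that derives the customer from the request path, maps it to that customer's IdP through a server-side allow-list, verifies the IdP's metadata is present in `saml20-idp-remote`, and only then starts the login. The autoloader path, the `CUSTOMER_IDPS` map with its placeholder tenant GUIDs, and the `ReturnTo` URL are assumptions; `default-sp` is the authsource name from Tim's reply.

```php
<?php
// Added example, not code from the thread or from SimpleSAMLphp itself.
// Selects the customer's IdP from the login URL and hands it to requireAuth().
require_once '/var/simplesamlphp/src/_autoload.php'; // install path: assumption

use SimpleSAML\Auth\Simple;
use SimpleSAML\Metadata\MetaDataStorageHandler;

// Hypothetical allow-list: customer slug => entityID of that customer's Entra ID
// IdP. In a real deployment this comes from your customer registry, and every
// entityID listed here must also have an entry in metadata/saml20-idp-remote.php.
// The tenant GUIDs below are placeholders.
const CUSTOMER_IDPS = [
    'acme'   => 'https://sts.windows.net/00000000-0000-0000-0000-000000000001/',
    'globex' => 'https://sts.windows.net/00000000-0000-0000-0000-000000000002/',
];

// Extract the {customer} slug from a path of the form /{customer}/login.
// Only a strict slug is accepted, so the IdP is always chosen from the
// server-side map and never from a caller-supplied entityID.
function customerSlugFromPath(string $path): ?string
{
    return preg_match('#^/([a-z0-9-]{1,64})/login$#', $path, $m) ? $m[1] : null;
}

$slug = customerSlugFromPath((string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH));
$entityId = $slug !== null ? (CUSTOMER_IDPS[$slug] ?? null) : null;
if ($entityId === null) {
    http_response_code(404);
    exit('Unknown customer');
}

// Refuse to start the flow unless this IdP's metadata is actually configured;
// getMetaData() throws when the entityID is missing from saml20-idp-remote.
try {
    MetaDataStorageHandler::getMetadataHandler()->getMetaData($entityId, 'saml20-idp-remote');
} catch (\Exception $e) {
    http_response_code(500);
    exit('IdP metadata not configured for customer ' . htmlspecialchars($slug));
}

$auth = new Simple('default-sp');            // authsource name from Tim's reply
$auth->requireAuth([
    'saml:idp' => $entityId,                  // pin the IdP for this customer
    'ReturnTo' => 'https://app.example.com/' . $slug . '/home', // assumption
]);

// Only reached after a successful login at that customer's IdP.
$attributes = $auth->getAttributes();
```

The new customer's IdP still has to be present in `saml20-idp-remote` (or whichever metadata source the SP is configured with) before this can redirect to it; the map above only decides which configured entry is used for a given login URL.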
Lê Quang Minh
Feb 14, 2024, 4:48:08 AM
I'm a bit confused: the system here is n (SP <=> IDP), meaning there are multiple pairs of corresponding SPs and IDPs, and it's not fixed; it's dynamic, based on user registration. Does anyone have any ideas for handling this?