Hello everyone,
I am looking for some help and an explanation on how to use this package to enable SSO with multiple MS Azure tenants. I am new to this package and to SSO with SAML, so please forgive me if my questions seem basic.
I have declared my application on my MS Azure and configured it to allow SSO from multiple Azure tenants. My IDP login URL is thus: https://login.microsoftonline.com/common/saml2.
Signing in a user from my tenant
For a user of my tenant to SSO, I need to configure my idp_entity_id as https://sts.windows.net/{tenant-id}. I can also easily find the x509 certificate in the tenant's IDP configuration. --> When a user belonging to my tenant tries to SSO, it does work perfectly.
Signing in a user from an external tenant
For a user belonging to an external tenant to SSO, I would need to keep the same configuration and replace idp_entity_id with https://sts.windows.net/{external-tenant-id}.
As for the certificate, I could not find it anywhere in the external tenant's configuration in MS Entra ID. However, I could find it when base64-decoding the SAML assertion request.
So my questions are:
1. Does this package support multi-tenancy (multiple tenants and identity providers for a single idp_login_url)?
2. Do I absolutely need to know in advance the x509 certificate of all the external tenants? (I have read somewhere that it could be optional, but it does seem like a security breach.)
3. Would it be hard to update the package so that it could parse the idp_entity_id and, along with the application uuid, select the right tenant configuration?
Thanks a lot for any help on this.
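The dispatch the issue asks about in question 3, and the reason the answer to question 2 is yes, can be shown at the configuration level. The following is an added example, not the package's code (the issue does not name the package, so it is written as package-agnostic Python on the standard library): an inbound SAMLResponse is routed by the application uuid from the callback URL and by the assertion's Issuer (the value the package calls idp_entity_id) to one pinned per-tenant entry, and the certificate that the assertion itself carries is only ever compared against that pinned copy, never used as the trust anchor. The application uuid, the tenant ids, the certificate strings and the SAML message are all constructed placeholders.

```python
"""Route a SAMLResponse to a per-tenant IdP entry by (app uuid, Issuer) and
pin the IdP certificate per tenant. Added example, not the package's code."""
import base64
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed tenant table: application uuid -> Issuer -> pinned config.
# The Issuer key must equal, byte for byte, the <saml:Issuer> value the
# tenant emits (the page writes it as https://sts.windows.net/{tenant-id}).
# The certificate strings are placeholders for each tenant's real signing
# certificate, obtained out of band and stored in advance, never taken from
# a message at login time.
TENANTS = {
    "app-00000000-constructed-uuid": {
        "https://sts.windows.net/11111111-1111-1111-1111-111111111111": {
            "name": "home-tenant",
            "idp_x509_cert": "MIIC...PLACEHOLDER-HOME-TENANT-CERT",
        },
        "https://sts.windows.net/22222222-2222-2222-2222-222222222222": {
            "name": "partner-tenant",
            "idp_x509_cert": "MIIC...PLACEHOLDER-PARTNER-TENANT-CERT",
        },
    },
}


def _norm(cert: str) -> str:
    """Strip PEM armour and whitespace so certificates compare by content."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", cert or "")
    return re.sub(r"\s+", "", body)


def route_response(app_uuid: str, saml_response_b64: str) -> dict:
    """Return {"ok": True, "tenant": name} when the response maps to a pinned
    tenant entry and any embedded certificate equals the pinned one, else
    {"ok": False, "reason": why}. XML-DSig verification of the assertion
    against the pinned certificate still has to run after this step."""
    issuers = TENANTS.get(app_uuid)
    if issuers is None:
        return {"ok": False, "reason": f"unknown application {app_uuid}"}
    try:
        root = ET.fromstring(base64.b64decode(saml_response_b64))
    except (ValueError, ET.ParseError) as exc:
        return {"ok": False, "reason": f"undecodable response: {exc}"}

    # The assertion-level Issuer is the one the signature covers; a
    # response-level Issuer, when present, has to agree with it.
    a_issuer = root.findtext("saml:Assertion/saml:Issuer", default="", namespaces=NS).strip()
    r_issuer = root.findtext("saml:Issuer", default=a_issuer, namespaces=NS).strip()
    if not a_issuer or a_issuer != r_issuer:
        return {"ok": False, "reason": "missing or inconsistent Issuer"}

    tenant = issuers.get(a_issuer)
    if tenant is None:
        # No pinned certificate exists for this tenant, so nothing the
        # message carries can make it trustworthy.
        return {"ok": False, "reason": f"no tenant configured for issuer {a_issuer}"}

    embedded = root.findtext(".//ds:X509Certificate", default="", namespaces=NS)
    if embedded and _norm(embedded) != _norm(tenant["idp_x509_cert"]):
        # The certificate inside the message is untrusted input; the pinned
        # copy from configuration is the only one that decides trust.
        return {"ok": False, "reason": "embedded certificate differs from pinned certificate"}
    return {"ok": True, "tenant": tenant["name"]}


def make_response(issuer: str, cert: str) -> str:
    """Build a minimal constructed (unsigned) SAMLResponse, base64-encoded
    as the HTTP-POST binding delivers it, for exercising route_response()."""
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'xmlns:ds="{NS["ds"]}" ID="_r1" Version="2.0">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        '<saml:Assertion ID="_a1" Version="2.0">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        "<ds:Signature><ds:KeyInfo><ds:X509Data>"
        f"<ds:X509Certificate>{cert}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></ds:Signature>"
        "<saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    app = "app-00000000-constructed-uuid"
    home, partner = list(TENANTS[app])
    print(route_response(app, make_response(home, TENANTS[app][home]["idp_x509_cert"])))
    print(route_response(app, make_response(partner, "MIIC...NOT-THE-PINNED-CERT")))
    print(route_response(app, make_response("https://sts.windows.net/33333333-3333-3333-3333-333333333333", "x")))
```

The lookup order matters: the Issuer only tells the service provider which pinned certificate to verify the signature with, so a tenant that is not in the table is rejected outright, and a response whose KeyInfo carries a different certificate than the pinned one is rejected before any signature check. If the certificate were instead read from the assertion and trusted, the signature check would only prove that the message was signed by whoever supplied that certificate, which is why a per-tenant pinned certificate (or a fetch from the tenant's federation metadata at setup time) is required rather than optional.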