I have read the shib-sp documentation as well. It mentions the need for a Discovery Service (DS) if we intend to use multiple IdPs which will be handled by the shib-SP software. This is the issue I am facing right now. Please see the following comments to get my point.
Here’s the scenario I have so far:
1. A user accesses Horizon (Service Provider -- SP) at: http://192.168.4.103/dashboard/auth/login/?next=/dashboard/.
2. A drop-down list allows the user to choose the authentication method. The user selects the SAML IdP method.
3. The user is redirected to the IdP’s page where they authenticate.
4. The user is redirected back to the SP and successfully accesses the system.

The issue I’m facing is how to configure multiple IdPs so that users can choose from them at step (2). I understand that we can add a list of IdPs in the ~/horizon/openstack_dashboard/local/local_settings.py file to display in Horizon, but this doesn’t fully resolve the issue since the Shibboleth SP application itself doesn’t seem to handle multiple IdPs.
Shibboleth SP typically expects a DS for multiple IdPs, but given that we already have a dropdown list in Horizon, do we still need the DS in this case? If not, how can we proceed with adding multiple IdPs in the system?
Any guidance or advice would be greatly appreciated.
Thank you for your help!
Best regards,
Bakur Sait