Is there such a thing as IDP -> to IDP -> authentication? (SAML2)

Hi all!

Is there such a thing as IDP to IDP authentication?

Where I work we have this setup:

[Client IDP] <----> [Work SP]

– Client gets authenticated through their portal

– Client navigates to our site; because we are set up as an SP, they are authenticated to our site via SAML2

What they want

[Client IDP] <----> [Work SP]

[Work IDP] <----> [VendorSP]

– Client gets authenticated through their portal

– Client navigates to our site; because we are set up as an SP, they are authenticated to our site via SAML2

– Client navigates to the vendor through our site and is authenticated via Work IDP.

If everything was going through a single IDP this would be easy.

Is what I’m being asked to do even possible? I’ve never heard of anything like IDP to IDP communication. It would be like logging into Google with your Apple account…

If anyone has some insight or advice I’d appreciate it!
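The two-hop setup the post asks about, as an added example that is not part of the original post: Work SP validates the Client IdP's assertion (audience and validity window), then Work IdP mints its own assertion for the Vendor SP, capped to the upstream lifetime and recording which IdP really authenticated the user. Entity IDs, the user and the sample assertion are assumed/constructed, and XML signature creation and verification are omitted.

```python
# Added example (not from the post). Entity IDs and the sample assertion are constructed; XML signatures are omitted.
import datetime as dt
import uuid
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS, S = {"saml": SAML_NS}, "{%s}" % SAML_NS
CLIENT_IDP, WORK_SP = "https://client.example/idp", "https://work.example/sp"   # assumed entity IDs
WORK_IDP, VENDOR_SP = "https://work.example/idp", "https://vendor.example/sp"  # assumed entity IDs

def fmt(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")

def parse(s):
    return dt.datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)

def validate_assertion(xml_text, now, expected_audience):
    """SP side: accept only an assertion addressed to this SP and inside its validity window."""
    root = ET.fromstring(xml_text)
    conds = root.find("saml:Conditions", NS)
    if expected_audience not in [a.text for a in conds.iter(S + "Audience")]:
        raise ValueError("assertion not addressed to this SP")
    if not parse(conds.get("NotBefore")) <= now < parse(conds.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    return {"issuer": root.findtext("saml:Issuer", namespaces=NS),
            "name_id": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "not_on_or_after": parse(conds.get("NotOnOrAfter")),
            "authenticating_authority": root.findtext(
                "saml:AuthnStatement/saml:AuthnContext/saml:AuthenticatingAuthority", namespaces=NS)}

def issue_assertion(upstream, now, audience, max_lifetime=dt.timedelta(minutes=5)):
    """Work IdP side: mint a new assertion in its own name for the downstream SP, never outliving the upstream one."""
    expires = min(now + max_lifetime, upstream["not_on_or_after"])
    a = ET.Element(S + "Assertion", ID="_" + uuid.uuid4().hex, Version="2.0", IssueInstant=fmt(now))
    ET.SubElement(a, S + "Issuer").text = WORK_IDP
    ET.SubElement(ET.SubElement(a, S + "Subject"), S + "NameID").text = upstream["name_id"]
    conds = ET.SubElement(a, S + "Conditions", NotBefore=fmt(now), NotOnOrAfter=fmt(expires))
    ET.SubElement(ET.SubElement(conds, S + "AudienceRestriction"), S + "Audience").text = audience
    ctx = ET.SubElement(ET.SubElement(a, S + "AuthnStatement", AuthnInstant=fmt(now)), S + "AuthnContext")
    # AuthenticatingAuthority is the standard SAML element for "who actually authenticated this user"
    ET.SubElement(ctx, S + "AuthenticatingAuthority").text = upstream["issuer"]
    return ET.tostring(a, encoding="unicode")

# Constructed sample of what the Client IdP might send to Work SP (unsigned, valid for two minutes).
NOW = parse("2024-01-01T12:00:00Z")
UPSTREAM_XML = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_c1" Version="2.0" IssueInstant="{fmt(NOW)}">
<saml:Issuer>{CLIENT_IDP}</saml:Issuer><saml:Subject><saml:NameID>alice@client.example</saml:NameID></saml:Subject>
<saml:Conditions NotBefore="{fmt(NOW)}" NotOnOrAfter="2024-01-01T12:02:00Z"><saml:AudienceRestriction>
<saml:Audience>{WORK_SP}</saml:Audience></saml:AudienceRestriction></saml:Conditions></saml:Assertion>"""
```

The hop is `issue_assertion(validate_assertion(UPSTREAM_XML, NOW, WORK_SP), NOW, VENDOR_SP)`, and the Vendor SP runs `validate_assertion` again with its own entity ID; a real deployment verifies the Client IdP's signature before those checks and signs what Work IdP issues.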