3 Replies Latest reply: Aug 2, 2012 12:59 PM by Carly Wennogle

    SAML - Using Multiple Identity Providers

    deker41

      Hi,

      Does anyone know if it is possible to configure Jive 5.x to support two different SAML identity providers? If yes, would SP-initiated flows somehow still be supported?

      Thanks,

      Doug

        • Re: SAML - Using Multiple Identity Providers
          justin.hein

          Doug,

           

          Thanks for your question. Do you have any more background on what you're trying to accomplish? This will help me understand if Jive can do this. Also, Jive for Teams is only available in the latest release of Jive. If this is for your current instance, we might want to move this discussion to a place in the Jive Community that would have better visibility. I look forward to your reply!

           

          Justin

            • Re: SAML - Using Multiple Identity Providers
              deker41

              Hi Justin,

               

              My scenario is this. As of today, we are using a custom SSO solution that allows users from basically 2 different organizations to access our single instance of Jive. Each organization has its own set of users in its own LDAP, and each has its own authentication platform. The way we do this today is that each organization creates an encrypted cookie that is passed to the custom Jive SSO plugin. I want to retire this custom solution and move to SAML. Each of these two organizations has a SAML platform that can create and post an assertion to Jive. I suppose we could configure each org's SAML platform to create the same assertion (signed with the same key). Jive wouldn't even need to know that they might have been created by two different orgs (identity providers). I suspect that would work - we would need to try it out.

               

              Somehow we will need to make sure that a user is sent to the right org to authenticate, but I guess we could configure the login button on Jive to bring the user to a page that has a link "click here to log in via org 1" and another link "click here to log in via org 2". When we enable SAML, is the login button automatically configured to point to the SAML identity provider? If so, I think we would need to override that...

               

              Does this all sound right to you? 

               

              Thanks,

              Doug
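
The following is an added example, not part of the original thread and not Jive's own code. It sketches how a service provider could handle an SP-initiated flow with two identity providers: the login chooser picks an IdP from a fixed registry, and the response is accepted only if its Issuer is the IdP the request was sent to. All entity IDs and URLs are constructed placeholders.

```python
import base64, secrets, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed registry: one entry per organization (hypothetical entity IDs and URLs).
IDPS = {
    "org1": {"entity_id": "https://idp.org1.example/saml", "sso_url": "https://idp.org1.example/sso"},
    "org2": {"entity_id": "https://idp.org2.example/saml", "sso_url": "https://idp.org2.example/sso"},
}
SP_ENTITY_ID = "https://community.example/saml"  # hypothetical SP entity ID
ACS_URL = "https://community.example/saml/sso"   # hypothetical assertion consumer URL
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PENDING = {}  # AuthnRequest ID -> registry key of the IdP it was sent to

def build_login_url(idp_key, issue_instant="2012-08-02T12:00:00Z"):
    """Target of a 'log in via org N' link: AuthnRequest over the HTTP-Redirect binding."""
    idp = IDPS[idp_key]  # KeyError for unknown keys: never redirect to a caller-supplied URL
    req_id = "_" + secrets.token_hex(16)
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="{req_id}" Version="2.0" IssueInstant="{issue_instant}" '
           f'Destination="{idp["sso_url"]}" AssertionConsumerServiceURL="{ACS_URL}">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    # The redirect binding uses raw DEFLATE (no zlib header), then base64, then URL encoding.
    deflater = zlib.compressobj(zlib.Z_DEFAULT_COMPRESSION, zlib.DEFLATED, -15)
    packed = deflater.compress(xml.encode()) + deflater.flush()
    PENDING[req_id] = idp_key
    query = urlencode({"SAMLRequest": base64.b64encode(packed).decode()})
    return req_id, idp["sso_url"] + "?" + query

def check_response_origin(response_xml):
    """Return the registry key of the answering IdP, or raise ValueError on a mismatch.

    This only ties the response to the request. The signature must still be verified
    against that IdP's own certificate, using a hardened XML parser, before any
    attribute in the assertion is trusted.
    """
    root = ET.fromstring(response_xml)
    idp_key = PENDING.pop(root.get("InResponseTo"), None)  # one use per request ID
    if idp_key is None:
        raise ValueError("unsolicited or replayed response")
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != IDPS[idp_key]["entity_id"]:
        raise ValueError("issuer is not the IdP this request was sent to")
    return idp_key
```
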