SAML-Toolkits / php-saml

Simple SAML toolkit for PHP
MIT License

sp('entityId') and idp('entityId') #549

Open EagleTux opened 1 year ago

EagleTux commented 1 year ago

During configuration with Azure AD I have made a discovery and it is confusing me. Azure AD tells me that the appid with the sp('entityId') value is not on my tenant, which was true. The misleading part is that the idp('entityId') was not sent, but the entityId from the sp table was.

After a moment I thought that was the natural way, but all apps I had configured by now were authenticated with my IdP SAML by the IdP entityID with all other frameworks.

If the Application URI is configured using Azure AD SAML Toolkit (which is not possible as is without this app), mostly because an app URI outside the domain must be validated as a trusted one, so I do not want to, and the appid is read-only.

To clarify the situation I need to understand the meaning of idp('entityId'), which is currently useless in my case, and of sp('entityId'), which has to be put as the IdP identifier of the app, or whether it is a bug.

pitbulk commented 1 year ago

An Entity ID is a value that identifies entities in a SAML federation. We have Identity Providers (IdPs) and Service Providers (SPs) and each should be identified by a unique value.

When the circle of trust is created between identities:

In some environments you connect 1 IdP - 1 SP, but in other scenarios you may need to connect 1 IdP - N SPs, or N IdPs - 1 SP, or N IdPs - N SPs.

When there are many, the Entity ID needs to be unique; otherwise you can't identify who sent the SAML Message.

That said, I don't quite understand the issue you are experiencing.

This toolkit implements a Service Provider, so you must connect it with 1 or multiple IdPs, but it can never connect with another SP directly.
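An added example (not code from php-saml or from either commenter) showing where an SP uses each of the two values discussed in this thread: `sp.entityId` is what the SP sends as its own `<saml:Issuer>` in the AuthnRequest (the value the IdP compares against the identifier it has registered for the app), while `idp.entityId` is what the SP checks the Response's `<saml:Issuer>` against, with `sp.entityId` also required in the `<saml:Audience>`. The settings dictionary, the URLs and the minimal Response are constructed placeholders; signature and timestamp checks are deliberately left out.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Hypothetical SP configuration, shaped like the php-saml settings array (values are placeholders).
SETTINGS = {
    "sp": {"entityId": "https://sp.example.com/metadata"},
    "idp": {"entityId": "https://idp.example.org/TENANT-ID-PLACEHOLDER/"},
}


def authn_request_issuer(settings):
    """The SP identifies itself with sp.entityId in the <saml:Issuer> of the AuthnRequest it sends."""
    return settings["sp"]["entityId"]


def check_response(xml_text, settings):
    """Check Issuer and Audience of a (constructed, unsigned) Response; returns (ok, reason).
    Every <saml:Issuer> must equal idp.entityId, and sp.entityId must be listed as an Audience."""
    root = ET.fromstring(xml_text)
    issuers = {e.text.strip() for e in root.iter(f"{{{NS['saml']}}}Issuer") if e.text}
    if issuers != {settings["idp"]["entityId"]}:
        return False, f"invalid issuer: {sorted(issuers)}"
    audiences = {e.text.strip() for e in root.iter(f"{{{NS['saml']}}}Audience") if e.text}
    if settings["sp"]["entityId"] not in audiences:
        return False, f"invalid audience: {sorted(audiences)}"
    return True, "issuer and audience match the configured entityIds"


def make_response(issuer, audience):
    """Constructed minimal Response for the demo; not a real IdP message."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <saml:Issuer>{issuer}</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>{issuer}</saml:Issuer>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{audience}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    print("AuthnRequest Issuer:", authn_request_issuer(SETTINGS))
    print(check_response(make_response(SETTINGS["idp"]["entityId"], SETTINGS["sp"]["entityId"]), SETTINGS))
    print(check_response(make_response("https://other-idp.example.net", SETTINGS["sp"]["entityId"]), SETTINGS))
```

A Response from a different issuer, or one whose Audience names another SP, is rejected even though the message is otherwise well-formed.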