Configure as SP with multiple IDPs

[gitdrk]

• AspNetCore: 2.1 (migrating to 3.0)
• IdentityServer 4
• SustainsysSaml2.AspnetCore: 2.7.0
• My Post on SO https://stackoverflow.com/questions/62432853/adding-idps-after-startup

I have configured an instance of IdentityServer4 to act as a SP using this library. I am able to successfully use multiple IDPs by adding multiple Schemes for SP initiated SSO.

Here is the code I use for this which works well but it creates multiple instances of the SP.

        //add IDPs at startup - saml providers comes from DB
        foreach (var samlProvider in samlProviders)
        {               
            authenticationBuilder.AddSaml2(samlProvider.Scheme, samlProvider.Name, options =>
            {                   
                var entityId = new EntityId(my.EntityId);
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.SPOptions.EntityId = entityId;
                options.SPOptions.ModulePath = samlProvider.ModulePath;

                if (samlProvider.MinimumSigningAlgorithm != null)
                    options.SPOptions.MinIncomingSigningAlgorithm = samlProvider.MinimumSigningAlgorithm;

                var idp = new IdentityProvider(entityId, options.SPOptions)
                {
                    Binding = Saml2BindingType.HttpRedirect,
                    LoadMetadata = true
                };

                if (samlProvider.MetaDataLocation != null)
                    idp.MetadataLocation = samlProvider.MetaDataLocation;

                options.IdentityProviders.Add(idp);
            });
        }

• Is it possible to use the same SP, include multiple IDPs and still redirect the user to the correct IDP based on schemes, or do you have to do custom redirects?

• Is it possible to programmatically add IDPs outside of startup using either method?

• Is it possible to access the SPOptions for schemes via an Injected Service?

Thanks in advance for any assistance!

[AlexOliinyk1]

Any updates here?

[AndersAbel]

Looks like something to investigate for the v3 work - I am thinking of a redesign with the IdentityProviders vs. schemes architecture.

[ghstahl]

Does anyone have a fork that we can use in the meantime.

[IAMHK90]

@gitdrk , Mutiple instances of Identityserver meaning different urls?
did you find a way to create single instance of Identityserver with Mutiple saml IDPs?