Using multiple IdPs with IdentityServer4 and Sustainsys.Saml.AspNetCore2

[dejancg]

Hello,

I am trying to register multiple SAML Identity Providers to IdentityServer4 using one middleware per IdP. I store my IdPs in the database and for each of them, I call this method:

private static void ConfigureIdentityProvider(SamlIdentityProvider provider, AuthenticationBuilder app)
{
    var spOptions = new SPOptions { EntityId = new EntityId(provider.ServiceProviderEntityId) };
    var samlIdP =
        new IdentityProvider(new EntityId(provider.EntityId), spOptions)
            {
                LoadMetadata = true,
                MetadataLocation =
                    provider.MetadataAddress
            };
    app.AddSaml2(
        provider.AuthenticationType,
        provider.Caption,
        options =>
            {
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.SPOptions = spOptions;
                options.IdentityProviders.Add(samlIdP);
            });
}

When trying to log in using any identity provider but the first, I get the error KeyNotFoundException: No Idp with entity id "<IdP EntityId>" found. This is because when redirected to https://my-identityserver4-url/Saml2/Acs from the IdP, there doesn't seem to be any IdP in IdentityProviders dictionary except the first one that was registered.

Am I registering these providers correctly, or do I need to keep the reference to IOptions instance passed to AddSaml2 method? Or something else?

Thanks.

[AndersAbel]

You need to set a separate ModulePath for each handler instance. Now they all get the default and thus the first handler will try to process any inbound request - but it only knows about the first Idp - thus the error.

[IAMHK90]

@dejancg, are you able to make it work with multiple IDPs? I'm having the same problem. Please advise.

[dejancg]

@IAMHK90 There is a ModulePath string property in SPOptions under Saml2Options. Make sure this ModulePath is unique for each IdP.