hslavich / OneloginSamlBundle

OneLogin SAML Bundle for Symfony
MIT License

Several identity providers #94

Open ghost opened 5 years ago

ghost commented 5 years ago

Hi @hslavich! Is it possible to have several different identity providers? For example:

config.yml

    hslavich_onelogin_saml:
        idp1: ........
        idp2: ........
        sp: .......

How can I dynamically modify config if not?

PatrickHuetter commented 4 years ago

Yes, that would be interesting. In today's workloads there are often multiple IDPs, and it's also needed to configure them dynamically during the application lifecycle because you might manage them in your database or similar.

htuscher commented 4 years ago

As we urgently needed that, I just built it. See my PR. So thankful for this library. Doing SAML is just a pain in PHP.

guillaumepotier commented 4 years ago

[Repost from PR just in case ;)]

Hi guys,

I'm just seeing this issue and this is great news for us because we are looking to integrate SAMLv2 login in our application, for various distinct customers, and thus we need multiple idps. (see my original stackoverflow question here).

We initially were planning to create our own open source bundle (another one...) to address this issue since no other one seemed to be interested in this feature. I think it should be better for the Symfony community to minimise the number of similar bundles out there, and we'd be interested to contribute here and help implement this feature in this bundle.

How could we help there? How should we plan to support this without making BC breaks (or bumping the major version with BC breaks inside)?

We'd be glad to support this change and make a PR once we're okay on the way to implement/configure it.

Best

hslavich commented 4 years ago

The PR was merged but it introduced big BC breaks and other issues. It seems this feature needs some BC breaks and it should be tested properly. There is a branch 'multipleidps' that you can use for testing and modifications. I'll be working on this feature soon. Thanks

guillaumepotier commented 4 years ago

> There is a branch 'multipleidps' that you can use for testing and modifications. I'll be working on this feature soon.

Great to read that. What is your definition of "soon"? :) We'll need it by the end of the year, and will fork your repo and contribute. If we could help you on that feature, please don't hesitate to tell us.

Do you want us to test it? Do you want to change the way multiple idps are configured?

It would be great if we could help you the right way on that matter :)

Cheers 🍻

hslavich commented 4 years ago

It would be great if you can test it with Symfony 3 and 4 and give some feedback. Unit tests should be updated too, that will help a lot. Maybe this current state works for you and you can use it with no big changes.

htuscher commented 4 years ago

We are using it in a production application with Symfony 4.3.8 and API Platform.

mathieu-gilloots commented 4 years ago

I would love this feature too. Is there any implementation with database configuration instead of file config? Indeed our client have their own SSO (and 1 per environment staging / prod) and it will be great if we could configure them through database.

Thanks

htuscher commented 4 years ago

You can implement that yourself using CompilerPass in Symfony.

tobyski-tdsultra commented 3 years ago

Can anyone tell me if support for multiple IDPs was ever added officially? I can see the experimental multipleidps branch is a couple of years old now.

a-menshchikov commented 3 years ago

@tobyski-tdsultra, multiple IdP support has not been added yet.

mansourih commented 2 years ago

It is a mandatory evolution for me. I am forced to use another solution. My application must establish an sso connection to 2 different IdPs.

a-menshchikov commented 2 years ago

If you are using Symfony 6 for your application, you can use nbgrp/onelogin-saml-bundle, which supports multiple IdP configuration.

mussbach commented 2 years ago

This is great news, but what if we are not able yet to use Symfony 6? Any advice?

a-menshchikov commented 2 years ago

Unfortunately I have no advice right now.

gprince64 commented 2 years ago

Hello there, Sorry to bump this old issue.

We are upgrading an old SF 3.4 project to newer SF5, and the old SAML bundle I used is no longer maintained for SF5.

I am wishing to use this bundle, but we must have different IDPs configured for our project. Will this feature be available soon? If not, should I consider using the multiple idps branch?

I cannot use the SF6 https://github.com/nbgrp/onelogin-saml-bundle because SF6 breaks several other bundles we are using. Kinda stuck on this right now....

a-menshchikov commented 2 years ago

@gprince64 hi. AFAIK, there is no plan to add multiple IdP support. The separated branch is quite outdated.