Brent,

Are you saying that the user authenticates first with CAS and is then 
redirected to a SAML IdP? Or how will you determine to which IdP a user will be 
sent?

Ray

On Tue, 2019-05-21 at 07:45 -0700, Brent Smith wrote:
Hi,

I'm trying to set up a new CAS implementation that delegates to multiple SAML 
IdPs, with each IdP representing a distinct slice of the user base (one IdP per 
customer).

Is there a way for me to restrict one IdP from attempting to authenticate a 
user from another IdP?

I thought about building a custom PersonDirectoryPrincipalResolver, overriding 
the resolve() method to ensure the Credential "matched" the appropriate 
AuthenticationHandler.

Is there another way to do this that doesn't require custom code?

Thanks,

-B



--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
