The iPaaS 2021.3 release supports some IdPs that allow multiple ACS URLs, enabling both IdP-initiated and SP-initiated logins. Configuration requires adding ACS URLs in order: first the IdP-init endpoint (e.g., /clients/idpid-sso), then the SP-init endpoint (ending in /endpoint).
Applicable Product:
- iPaaS
Applicable Release:
- 2021.3 iPaaS release and up
Summary:
There are some IdPs that can support multiple ACS URLs and can therefore support both IdP-initiated and SP-initiated logins.
Details:
The configuration work to support both IdP- and SP-init is done inside of the customer’s IdP configuration, assuming their IdP allows for the option to have multiple ACS URLs enabled at one time. Both endpoints should have been provided but if not, please reach out to your PeopleFluent contact.
To do this, they would need to add the ACS URLs in a specific order:
- First, the IdP-init endpoint (ending in
/clients/idpid-sso, e.g./clients/test-adfs-sso) Second, the SP-init endpoint (ending in
/endpoint)Example: ADFS IdP
Generally, the IDP-Init URL will need to be listed first, then the SP-Init URL.