[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Seeking contract help with deploying a IdP initiated deployment

"Shawn O'Connor" <soconnor@xxxxxxxxxxxxxxxx> said:
> We're deploying a project where we need users from an external
> company to be able to use our web application via SSO. We have
> successfully done SP-initiated deployments before but are having
> some problems doing it in reverse (IdP initiated). Is there anyone

Please define "SP Initiated" and "IdP Initiated".

>From your description it sounds like you have had success in situation where your SP
already existed with its user accounts and you migrated to your SP + your IdP model
where your customers agreed to use your IdP. Right?

On that background, I would recon IdP initiated project to be one where customer already
has IdP for its employees and they want to just start using your SP. This scenario will
present a provisioning problem. Can you say why the new external IdP users can't be
considered green field users? Is there some data about them that needs to be provisioned
before they first hit your SP site? Would you not be able to perform "on the fly" provisioning
once you know their IdP and their IdP assigned NameID?

Overall, your problem sounds solvable.

> on this list that has successfully implemented a SSO implemented
> IdP-initiated project before that has some available contracting hours to help? 

Yes, I am available.


> Thanks!
> 	-Shawn