
ADFS identity provider initiated SSO and relaystate

I was recently tasked with setting up a single sign-on flow between two web applications. Application one (App 1) is a multi-tenant SaaS offering that authenticates users through an identity provider (IdP) built on Microsoft Active Directory Federation Services (ADFS), referred to here as App1 ADFS. Some of this application's users log in with their own corporate IdPs, which are federated with App1 ADFS (Client A ADFS).

Figure: Federation Setup

Application two (App 2) is also multi-tenant SaaS and accepts user authentication from another ADFS instance over the SAML protocol (App2 ADFS). Setting up the single sign-on was relatively straightforward, so I will skip the details here. Once it was in place, users authenticating through App1's IdP were able to log in to App1 and navigate to App2 seamlessly. The trickier part was allowing App1 users who authenticate through their corporate IdPs to access App2. To achieve this I decided to use IdP-initiated SSO with RelayState to bypass any screens in between. There are some articles on the Internet on how to co
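As an added example (not code from the post), this builds the ADFS IdP-initiated sign-on URL whose RelayState carries both the target relying party (RPID) and the inner RelayState that lands the user on the final App2 page, decodes it again, and shows the allowlist check the receiving side should apply before honouring the target. All hosts, identifiers and the `app2.example` allowlist are assumptions made up for the example.

```python
from urllib.parse import quote, urlparse, parse_qs

# Constructed values: App1 ADFS acts as the initiating IdP, App2 ADFS is the
# relying party registered on it, and the final target is a page inside App2.
APP1_ADFS = "https://adfs.app1.example"
APP2_RP_ID = "https://app2.example/saml/metadata"
ALLOWED_TARGET_HOSTS = {"app2.example"}   # assumed allowlist on the App2 side


def build_idp_initiated_url(adfs_base: str, rp_id: str, target: str) -> str:
    """Build the ADFS IdP-initiated sign-on URL with a RelayState.

    ADFS expects the outer RelayState to be a URL-encoded query string of the
    form RPID=<encoded rp id>&RelayState=<encoded target>, so the inner values
    are encoded twice: once inside the query string, once as part of the outer
    parameter value.
    """
    inner = f"RPID={quote(rp_id, safe='')}&RelayState={quote(target, safe='')}"
    return (f"{adfs_base}/adfs/ls/idpinitiatedsignon.aspx"
            f"?RelayState={quote(inner, safe='')}")


def parse_idp_initiated_url(url: str) -> dict:
    """Undo both encoding layers and return the RPID and the inner target."""
    outer = parse_qs(urlparse(url).query)       # removes the outer encoding
    inner = parse_qs(outer["RelayState"][0])    # removes the inner encoding
    return {"rpid": inner["RPID"][0], "target": inner["RelayState"][0]}


def is_allowed_target(target: str) -> bool:
    """Allowlist check for the inner RelayState before redirecting a user.

    A RelayState that is echoed back unvalidated is an open redirect, so only
    https URLs whose hostname (not netloc, which may carry user@ tricks)
    is on the allowlist are accepted.
    """
    parsed = urlparse(target)
    return parsed.scheme == "https" and parsed.hostname in ALLOWED_TARGET_HOSTS


if __name__ == "__main__":
    url = build_idp_initiated_url(APP1_ADFS, APP2_RP_ID, "https://app2.example/dashboard")
    print(url)
    decoded = parse_idp_initiated_url(url)
    print(decoded, "allowed" if is_allowed_target(decoded["target"]) else "rejected")
```

IdP-initiated RelayState is disabled in ADFS by default and has to be switched on in the ADFS configuration before such a URL is honoured, so check that setting first when the redirect silently drops the target.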