Generic SAML2 integration vs ISAM, multiple IdPs #62

Closed
micsafi opened this issue Mar 6, 2021 · 2 comments

Comments


micsafi commented Mar 6, 2021

Regarding the ISAM integration functionality, which seems to be based on the generic SAML2 integration feature (samlWeb-2.0) from WebSphere Liberty:

  • Do you see any reason why the ISAM config would not work with other SAML2 IdPs? Have you tested with other IdP solutions?
  • Is there a way to configure multiple SAML2 based IdPs, in a scenario where users are managed in different IAM solutions?

@inalasai

Do you see any reason why the ISAM config would not work with other SAML2 IdPs? Have you tested with other IdP solutions?

ISAM-specific config may not work straightaway with other IdPs as endpoints may differ between IdPs from different vendors. We haven’t tested with other IdP solutions but one of our customers has recently configured SPM successfully with Oracle Access Manager. We are currently working with them to support SP flow SSO with SPM Universal Access web app on WebLogic using OAM.

Is there a way to configure multiple SAML2 based IdPs, in a scenario where users are managed in different IAM solutions?

Almost every application server supports configuration of multiple IdPs. SPM, which is based on SAML2, supports it as well when deployed on an application server that is configured to interact with multiple IdPs. Again, we have not tried this in-house but we don’t see a reason why it would fail. We have a plan to try this in future. SPM Universal Access web app (React based application) does not support multiple IdPs OOTB as we don’t see a need for supporting multiple IdPs for a single instance of UA web app. UA web app supports pluggable authentication functionality where customers can customise the OOTB SSO authentication module to support multiple IdPs.


wwwild commented Nov 23, 2022

Closing as the questions have been answered.

@wwwild wwwild closed this as completed Nov 23, 2022