[IdP] When having multiple domains, is it possible to create a single SAML configuration?
idp
Forge asset by João Barata
Application Type
Traditional Web

We have an OutSystems instance that is shared with multiple teams and applications. Each application will have its own domain/subdomain. Most apps will use the same 2 top level domains (such as *.apps.example.org). We want to create one SAML config that can be shared across those apps. 

The problem is that on the IdP provider end, they validate the ACS. So myapp1.apps.example.org/IdP/SSO.ASPX and myapp2.apps.example.org/IdP/SSO.ASPX both need to be entries that the IdP provider has. We were hoping to have one ACS that can be leveraged by every app (under apps.example.org) and then redirect properly. When using one ACS (such as auth.apps.example.org), the SSO POST back and redirect in OutSystems send it to Service Center (as no app at that domain exists in the Site List Rules). Is it possible to have this redirect properly back to the originating app with its own domain name?

2020-11-26 13-06-30
Joost Miltenburg

I don't really get what you mean, but we have a similar setup with multiple applications using this setup. We have either appname.domain.com or app.domain.com/appname (yes, inconsistent, I know).
We have a config for each app in the IdP and AD, of course.

Works pretty well.

HTH a bit


Regards,

Joost

Harry Shyket

Since we plan on having many apps, we were hoping to set up 1 configuration to support most or all of them and not have to create a new one each time. So appname1.domain.com has a config set up once in the IdP module. Ideally, appname2.domain.com would not need a new configuration as it would be able to leverage the existing one.  When we shared an ACS like auth.domain.com/IdP/SSO.aspx (not an app), it would work, but not redirect back to the original app (just went into Service Center).

2020-11-26 13-06-30
Joost Miltenburg

Ah! 


Well, we just got it working with a configuration per app. I stepped in later, so there were already some and I didn't want to rattle any cages.

Hope you succeed and please share your results.

Best of luck,

Joost
