...
To answer these questions, you have to understand how the software is designed to interact with and relate to the resources it's protecting, the URL "space" of the server in other words, and how it exposes this relationship to the IdPs you hook it up to. These aren't things that any standard, including SAML, dictates, and this is not the only way to implement an SP. But it is how this SP works.
| Table of Contents |
|---|
Logical and Physical SPs
A single installation of the SP software can act as many logical, distinct "services", and a single logical "service" can span any number of physical hosts.
...
An application is a collection of related resources. Each user session is connected to a single application. Each application has its own set of handlers, particularly dedicated Assertion Consumer Services that must be registered in the metadata for the logical SP that contains the application. A resource is always associated with a single application, and an application is always associated with a single logical SP.
...
The details are described here, but in general this is done by either of:
- using the
ShibRequestSetttingShibRequestSettingApache command in an appropriate place - adding it to an appropriate child element inside the
<RequestMapper>
...