Oh. Actually I have partnership federation established. I don't have legacy federation
So the SAML 2.0 auth scheme can be used only in legacy federation scenarios?
My requirement is that I have several realms that I need to authenticate by sending the user to an IDP. How would I do that using partnership federation?
I don't want to create a new partnership for each realm obviously because that'd become impossible to maintain.
Ideal scenario is this.
1. User accesses resource in realm
2. User is redirected to IDP with relay state as the resource in realm
3. User is authenticated by IDP
4. SM reads the SAML response and disambiguates the user
5. Creates an SMSESSION for the user and redirects the user to the RelayState URL (assuming I have "RelayState overrides target" set in the partnership)
In this case,
How would I protect the realm so that if the user goes to that realm, SP-initiated federation is initiated?
Regards,
Anand.