
Python SAML OneLogin - How to support multiple Identity Providers

I'm relatively new to SAML and came across the OneLogin Python SAML library. I was able to get it up and running with my web app being the Service Provider (SP) and OneLogin being the Identity Provider (IdP).

I would like to be able to add support for other Identity Providers as well. However, I find that the python-saml library is using a settings.json to get the IdP information. I have looked at the following issues on their GitHub project but have been unable to get an actionable solution:

[1] https://github.com/onelogin/python-saml/issues/64
[2] https://github.com/onelogin/python-saml/issues/52

Has anyone been successful in using this library to be able to support multiple Identity Providers?

Shetty asked Mar 10 '23 05:03



1 Answer

This was answered in the git repo:

The toolkit was not initially designed to be used with multiple IdPs, instead with the OneLogin IdP, but you can with a little effort support multiple IdPs.

In the toolkit you will see 2 demos (django, flask) that use a settings.js file that contains a JSON object.

In order to support multiple IdPs you can store each IdP-SP data on different files or store different json objects on a database.

After that, it's up to your application to provide a mechanism to tie different tenants to different IDPs. Most folks typically configure their application to either do this via subdomain (sometenant.myapp.com) or URL (www.myapp.com/sometenant) - with settings configured differently for each tenant.

Once you've done that, SAML is SAML and it should work with any IDP that supports it.

John Offenhartz answered Apr 06 '23 22:04

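The subdomain-to-IdP mapping described in the answer, as an added example that is not part of the original answer or the toolkit's own demos. The tenant names, IdP URLs, `/saml/...` paths and certificate placeholders are assumptions; the tenant is resolved through a fixed registry so an attacker-controlled Host header can never select a settings file or a foreign IdP, and the same per-tenant settings must be used on the ACS endpoint so an assertion from one tenant's IdP is not accepted for another tenant.

```python
import copy

APP_DOMAIN = "myapp.com"  # base domain taken from the answer's example
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed registry, one IdP block per tenant (could be database rows).
# Entity IDs, URLs and certificates are placeholders, not real IdP values.
IDP_BY_TENANT = {
    "sometenant": {
        "entityId": "https://idp-a.example/metadata",
        "singleSignOnService": {"url": "https://idp-a.example/sso", "binding": REDIRECT},
        "x509cert": "<IDP_A_CERT_PLACEHOLDER>",
    },
    "othertenant": {
        "entityId": "https://idp-b.example/metadata",
        "singleSignOnService": {"url": "https://idp-b.example/sso", "binding": REDIRECT},
        "x509cert": "<IDP_B_CERT_PLACEHOLDER>",
    },
}

def tenant_from_host(host):
    """Return the registered tenant for a Host header value, or None."""
    name = host.split(":", 1)[0].lower().rstrip(".")
    suffix = "." + APP_DOMAIN
    if not name.endswith(suffix):
        return None
    label = name[: -len(suffix)]
    return label if label in IDP_BY_TENANT else None

def saml_settings_for(host):
    """Build the toolkit settings dict for the tenant named in the host."""
    tenant = tenant_from_host(host)
    if tenant is None:
        raise LookupError("unknown tenant")
    base = f"https://{tenant}.{APP_DOMAIN}/saml"
    return {
        "strict": True,  # reject responses that fail destination/audience checks
        "sp": {"entityId": base + "/metadata",
               "assertionConsumerService": {"url": base + "/acs", "binding": POST}},
        "idp": copy.deepcopy(IDP_BY_TENANT[tenant]),
    }

def init_saml_auth(request_data):
    # Imported lazily so the selection logic above runs without the toolkit.
    from onelogin.saml2.auth import OneLogin_Saml2_Auth
    settings = saml_settings_for(request_data["http_host"])
    return OneLogin_Saml2_Auth(request_data, old_settings=settings)
```

Call `init_saml_auth` in both the login and ACS views so the response is validated against the certificate of the tenant the request arrived on.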