Identity Providers partitioning
Identity Providers partitioning divides the Identity Providers repository into partitions. This means that an IdP of a specific IdP type must be unique within each partition (except SAML IdPs).
Prerequisites
Please read the Persons partitioning topic guide before reading this topic guide, as IdP partitioning is based on the same mechanisms.
IdP Global partition
There is a special partition called Global. If an IdP is defined in the Global partition, it is available in all partitions (only the Username and Password IdP is supported).
Additionally, if a Username and Password IdP is defined in the Global partition, it is not possible to add a new Username and Password IdP for any specific partition.
Example
The extension is configured with 2 valid partitions (PartitionIdListProvider interface):
- p1
- p2
PreSessionProcessExtension on the extension side is configured as follows:
| Hostname | Active partition |
|---|---|
| http://idp-core-1.dev.onegini.me | p1 |
| http://idp-core-2.dev.onegini.me | p2 |
And Onegini IdP is configured to contain the following IdPs in the admin panel:
| IdP name | IdP Type | Partition |
|---|---|---|
| unp | Username and Password | Global |
| fb1 | Facebook | p1 |
| fb2 | Facebook | p2 |
- If a user enters `http://idp-core-1.dev.onegini.me` and wants to register using the `Username and Password` IdP, then `unp` is chosen, because there is no `Username and Password` IdP defined in partition `p1`.
- If a user enters `http://idp-core-1.dev.onegini.me` and wants to register using the `Facebook` IdP, then `fb1` is chosen.
- If a user enters `http://idp-core-2.dev.onegini.me` and wants to register using the `Facebook` IdP, then `fb2` is chosen.
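
The rules and the example above, modelled as an added Python sketch (not Onegini's code or API). The class, method and constant names are hypothetical, and returning no IdP for a hostname without an active partition is an assumption of this model.

```python
# Illustrative model of the partitioning rules on this page; not Onegini code.
GLOBAL = "Global"
UNP, FACEBOOK, SAML = "Username and Password", "Facebook", "SAML"

# Hostname -> active partition, as in the PreSessionProcessExtension table.
ACTIVE_PARTITION = {
    "http://idp-core-1.dev.onegini.me": "p1",
    "http://idp-core-2.dev.onegini.me": "p2",
}
VALID_PARTITIONS = {"p1", "p2"}


class IdpRegistry:
    def __init__(self):
        self.idps = []  # (name, idp_type, partition)

    def _in(self, partition, idp_type):
        return [n for n, t, p in self.idps if p == partition and t == idp_type]

    def add(self, name, idp_type, partition):
        if partition != GLOBAL and partition not in VALID_PARTITIONS:
            raise ValueError(f"unknown partition {partition!r}")
        if partition == GLOBAL and idp_type != UNP:
            raise ValueError("only Username and Password is supported in Global")
        if idp_type == UNP and partition != GLOBAL and self._in(GLOBAL, UNP):
            raise ValueError("Global Username and Password IdP already defined")
        if idp_type != SAML and self._in(partition, idp_type):
            raise ValueError(f"{idp_type} IdP already exists in {partition}")
        self.idps.append((name, idp_type, partition))

    def resolve(self, hostname, idp_type):
        """Names of the IdPs of this type that are usable on this hostname."""
        partition = ACTIVE_PARTITION.get(hostname)
        if partition is None:
            return []  # unmapped hostname: fail closed (assumption of this model)
        # Partition-specific IdPs first, then fall back to Global.
        return self._in(partition, idp_type) or self._in(GLOBAL, idp_type)


def example_registry():
    """The three IdPs from the admin panel table above."""
    reg = IdpRegistry()
    reg.add("unp", UNP, GLOBAL)
    reg.add("fb1", FACEBOOK, "p1")
    reg.add("fb2", FACEBOOK, "p2")
    return reg
```
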