Hi Mohib,
Edit: Sorry, now I get what you meant by redirecting to IDPs based on hitting SPs. I got your point.
On how to decide the IDP part, Gluu should always ask the user for the username; based on the username entered, it will determine the IDP using the following procedure and then redirect to the correct IDP. For example, these days Gmail asks for the username first, and after submitting it, it asks for the password. But in my case I would like to be able to either ask for the password in the next step or redirect to a separate IDP if one exists for the user's organization.
Basically, I went through this: https://spaces.internet2.edu/display/GS/SAMLIdPProxy
But it seems like even Shibboleth has no documentation on how to do something like what is given in the above link.
But what I kind of need is:
The Gluu server should call a script which returns the domain given the username. The script might contact other customer services/APIs to determine the right IDP, not just the domain. The external API will take care of determining the IDP based on the custom criteria.
The Gluu server facilitates custom Jython scripts for authentication, right? In the same way, it should be able to call the selector script.
Thanks for taking my question into consideration.
Also, in the current Gluu selector as you have explained, I would like to know how Single Sign-On works. For example, SP1 accesses Gluu and redirects to IDP1; now if SP2 accesses Gluu from the same browser, would it authenticate the user as the authentication already happened through Gluu, or will it again redirect to IDP2?
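
The username-first selection requested in the post above, sketched as an added example that is not part of the original post and is not Gluu's own API. All names here (`select_idp`, `lookup_idp_key`, `TRUSTED_IDPS`, the entity IDs) are hypothetical, and the external lookup is assumed to return a key into a locally configured IDP list rather than a URL, so that a faulty lookup service cannot send the browser to an unconfigured destination.

```python
import re

# Constructed sample configuration: only IDPs listed here may be redirect targets.
TRUSTED_IDPS = {
    "idp1": "https://idp1.example.org/idp/shibboleth",
    "idp2": "https://idp2.example.net/idp/shibboleth",
}
# Constructed stand-in data for the external customer service.
DOMAIN_TO_IDP = {"example.org": "idp1", "example.net": "idp2"}

_USERNAME_RE = re.compile(
    r"^[A-Za-z0-9._%+-]{1,64}@([A-Za-z0-9-]{1,63}(?:\.[A-Za-z0-9-]{1,63})+)$"
)
LOCAL = ("local_password", None)


def lookup_idp_key(username, domain):
    """Hypothetical external lookup; a real one would call the customer API."""
    return DOMAIN_TO_IDP.get(domain)


def select_idp(username, lookup=lookup_idp_key):
    """Return ("redirect", entity_id) or ("local_password", None)."""
    name = username.strip()
    match = _USERNAME_RE.match(name)
    if not match:
        return LOCAL  # malformed input never reaches the external service
    domain = match.group(1).lower()
    try:
        key = lookup(name.lower(), domain)
    except Exception:
        return LOCAL  # lookup outage: fall back to the local password step
    # Treat the lookup result as untrusted: it must name a configured IDP.
    if not isinstance(key, str) or key not in TRUSTED_IDPS:
        return LOCAL  # unknown users get the same next step as local users
    return ("redirect", TRUSTED_IDPS[key])


if __name__ == "__main__":
    for user in ("alice@example.org", "Bob@EXAMPLE.NET", "carol@unknown.test"):
        print(user, "->", select_idp(user))
```

Returning the same local password step for unknown, malformed and failed lookups keeps the first screen from revealing which usernames or organizations exist.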