Ipsilon should be configurable to have multiple sources of identity and authentication for different namespaces. Imagine company A and company B. Each of them wants to use a resource protected by Ipsilon. Ipsilon would be configured to have different URLs one company A and another for company B. This RFA requests the capability to add additional tenants over the API.
summary: [RFE] Provide and API to add tenant configurations => [RFE] Provide an API to add tenant configurations
Simo and I recently discussed a similar concept of "login stacks". The idea is that the login page would have a list of these stacks to select from. This doesn't allow for tenant isolation though (separate Ipsilon URLs per tenant). I think that multiple URLs is actually problematic, as you would need to have separate IdP metadata for each URL. This really turns into multiple Ipsilon instances, which is quite possible on a single system.
The idea of multi-tenancy as described seems a bit backwards to me. Typically, company A and B would each have their own IdP, and they would register other SPs with it. I'd like to understand more about the use case.
milestone: => Backlog
As mentioned in comment#2, this is already possible by creating multiple IdPs on a single system. Closing this ticket.
resolution: => invalid
status: new => closed
Metadata Update from @nkinder:
- Issue set to the milestone: Backlog
to comment on this ticket.