Single SSO provider for multiple domains
How the SSO server can distinguish between various domains
If your SSO provider is used for authentication against multiple Comentario domains, and you want to know which domain triggered the authentication, you can use one of the two options.
Either option assumes you add some data to the SSO URL you configured for a specific domain.
- Domain name or ID can be added to the SSO URL path, e.g.:
https://sso.example.com/auth/3f63a124-6208-4e2b-a7a0-651e6e317744
, and let the SSO provider use that path element. - Domain name or ID can also be added as a query parameter in the URL. Comentario will keep any existing query param in the SSO URL, and will only add (or replace)
token
andhmac
as described above. Therefore, you can use a URL likehttps://sso.example.com/auth?host=myblog.org
. Then your SSO provider will need to look at thehost
parameter value and perform the authentication for this specific domain.