Finding so far:
The issue is that when there are multiple SPs configured for the same host url
the default implementation of SA_IDP.jsp:getTrustedSP() has no choice but to
pick the first URL match with the entityid.
While plausible - it is not very likely practical deployments will have
multiple SP metadata registered with the same IDP.
So for the specific POC - it is recommended a single per-SP metadata be setup on
In general - the default implementation in SA_IDP.jsp to pick the
first matching SP is perfectly okay since there is no way to write a generic
routine that can take care of all cases.
One possible enhancement is to allow the IDP-APP to specify the SP entity id to
be used as part of the SAE blob - e.g. a parameter called "spentityid" - this
param can be used by SA_IDP.jsp to identify the SP entity id and to fall through to
calling getTrustedSP() if one is not specified. In general this option should be
used in advanced use cases only.
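
The sketch below is an added illustration, not code from SA_IDP.jsp or from the project: it shows the first-match ambiguity described above and the proposed "spentityid" hint being accepted only when it names a registered SP whose URL also matches. The TrustedSp class, resolveSp(), the host-and-port matching rule and the sample registry are all assumptions made for the example.

```java
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

// Hypothetical stand-in for the IDP's trusted-SP lookup; not an OpenSSO class.
public class SpResolution {
    static final class TrustedSp {
        final String entityId;
        final String saeUrl;
        TrustedSp(String entityId, String saeUrl) { this.entityId = entityId; this.saeUrl = saeUrl; }
    }

    // Assumed matching rule: two URLs match when host and port are equal.
    static String hostKey(String url) {
        URI u = URI.create(url);
        if (u.getHost() == null) throw new IllegalArgumentException("no host in " + url);
        return u.getHost().toLowerCase(Locale.ROOT) + ":" + u.getPort();
    }

    // spEntityId == null reproduces the default: the first URL match wins.
    // A non-null hint is never trusted on its own: it must equal the entity id
    // of a registered SP whose URL also matches, otherwise null is returned.
    static TrustedSp resolveSp(List<TrustedSp> registry, String spAppUrl, String spEntityId) {
        String key = hostKey(spAppUrl);
        for (TrustedSp sp : registry) {
            if (!hostKey(sp.saeUrl).equals(key)) continue;
            if (spEntityId == null || spEntityId.equals(sp.entityId)) return sp;
        }
        return null; // unknown or mismatched SP: the caller must refuse to send
    }

    static String name(TrustedSp sp) { return sp == null ? "rejected" : sp.entityId; }

    public static void main(String[] args) {
        // Constructed sample data: two SP entities registered behind one host URL.
        List<TrustedSp> registry = Arrays.asList(
            new TrustedSp("sp-one", "https://sp.example.com:443/app1/saehandler"),
            new TrustedSp("sp-two", "https://sp.example.com:443/app2/saehandler"));
        String target = "https://sp.example.com:443/app2/saehandler";

        System.out.println("no hint:      " + name(resolveSp(registry, target, null)));
        System.out.println("hint sp-two:  " + name(resolveSp(registry, target, "sp-two")));
        System.out.println("hint unknown: " + name(resolveSp(registry, target, "sp-other")));
    }
}
```

Without the hint the lookup returns whichever matching entity was registered first, which is the behaviour the finding describes; with the hint, selection is explicit but still bounded by the registered trust list.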