5.11.9 Configuring Multiple SAML 2.0 Service Providers on the Same Host for a Single SAML Identity Provider

When the same Access Manager server hosts more than one SAML 2.0 service provider and federates with another Access Manager server acting as the identity provider for all of them, the identity provider must send a different set of attributes in the SAML 2.0 assertion to each service provider.

Perform the following steps to create multiple service providers on the same Access Manager host:

  1. To create multiple service providers from the same identity provider metadata, manually modify the entityID in that metadata for each service provider you want to create. You can then import the edited metadata text in the Access Manager configuration to create service providers with different entity IDs.

    For information about creating a service provider, see Creating a Trusted Service Provider.

  2. In the Administration Console of the SAML 2.0 identity provider, click Devices > Identity Servers > Servers > Edit > SAML 2.0 > Service Provider > Options > New.

  3. Set the SAML2 AVOID AUDIENCE RESTRICTION property to true. Setting this property to true omits the AudienceRestriction condition from the SAML 2.0 assertion. Be aware that this condition is what names the service provider an assertion is intended for; without it, a service provider on the host cannot use the audience to reject an assertion that was issued for a sibling service provider, and must rely on the assertion signature and the other subject confirmation checks (Recipient, InResponseTo, validity period).

  4. To omit the SPNameQualifier attribute from the NameID in the assertion, do the following:

    1. In the Administration Console of the SAML 2.0 service provider, click Devices > Identity Servers > Servers > Edit > SAML 2.0 > Service Provider > Options > New.

    2. Set the SAML2 AVOID SPNAMEQUALIFIER TO property to true.

    3. Click OK.

  5. Restart the Identity Server.

NOTE: This is possible only when both the identity provider and the service provider are deployed on Access Manager.
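The following is an added example, not code from the Access Manager documentation or product. It shows the two halves of the procedure above in working Python: step 1, deriving several service provider entity IDs from one metadata document by rewriting only its entityID, and steps 3 and 4, what the AudienceRestriction condition and the NameID SPNameQualifier look like in an assertion and what disappears when the two properties are set. All metadata, entity IDs and assertions are constructed samples; build_assertion is a stand-in that mimics the effect of the properties and is not the identity server's own assertion generator.

```python
"""Added example: rewriting entityID in SP metadata and inspecting a SAML 2.0
assertion for AudienceRestriction and SPNameQualifier. Everything here is a
constructed sample, not captured from an Access Manager deployment."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

# Constructed sample entity IDs (assumed values, not from the page).
IDP_ENTITY_ID = "https://idp.example.com/nidp/saml2/metadata"
SP_HOST_ENTITY_ID = "https://sp.example.com/nidp/saml2/metadata"

# Constructed minimal SP metadata, as exported by the service provider host.
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS["md"]}" entityID="{SP_HOST_ENTITY_ID}">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/nidp/saml2/spassertion_consumer" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def entity_id(metadata_xml: str) -> str:
    """Return the entityID attribute of an EntityDescriptor document."""
    return ET.fromstring(metadata_xml).get("entityID")


def with_entity_id(metadata_xml: str, new_entity_id: str) -> str:
    """Step 1: return a copy of the metadata with only entityID changed.
    Everything else (the shared AssertionConsumerService on the host) is left
    as is, so the identity provider can register the same host several times."""
    root = ET.fromstring(metadata_xml)
    root.set("entityID", new_entity_id)
    return ET.tostring(root, encoding="unicode")


def build_assertion(sp_entity_id: str,
                    avoid_audience_restriction: bool = False,
                    avoid_spnamequalifier: bool = False) -> str:
    """Constructed stand-in for the assertion the identity provider issues to
    sp_entity_id, with the two elements the properties suppress made optional."""
    spnq = "" if avoid_spnamequalifier else f' SPNameQualifier="{sp_entity_id}"'
    conditions = "" if avoid_audience_restriction else (
        "<saml:AudienceRestriction>"
        f"<saml:Audience>{sp_entity_id}</saml:Audience>"
        "</saml:AudienceRestriction>"
    )
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="_1" Version="2.0" '
        'IssueInstant="2024-01-01T00:00:00Z">'
        f"<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>"
        "<saml:Subject>"
        '<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"'
        f' NameQualifier="{IDP_ENTITY_ID}"{spnq}>user1</saml:NameID>'
        "</saml:Subject>"
        f"<saml:Conditions>{conditions}</saml:Conditions>"
        "</saml:Assertion>"
    )


def inspect_assertion(assertion_xml: str, expected_audience: str) -> dict:
    """Report, from the receiving service provider's point of view, whether the
    assertion carries an AudienceRestriction, whether it names this service
    provider, and which SPNameQualifier (if any) the NameID carries."""
    root = ET.fromstring(assertion_xml)
    audiences = [a.text for a in root.findall(".//saml:AudienceRestriction/saml:Audience", NS)]
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    has_restriction = root.find(".//saml:AudienceRestriction", NS) is not None
    return {
        "has_audience_restriction": has_restriction,
        "audience_matches": expected_audience in audiences,
        # True only when the element is present and names someone else:
        # that is the check the property removes.
        "rejected_by_audience_check": has_restriction and expected_audience not in audiences,
        "sp_name_qualifier": None if name_id is None else name_id.get("SPNameQualifier"),
    }


if __name__ == "__main__":
    sp_a = SP_HOST_ENTITY_ID + "/sp-a"
    sp_b = SP_HOST_ENTITY_ID + "/sp-b"
    for eid in (sp_a, sp_b):
        print("metadata entityID:", entity_id(with_entity_id(SP_METADATA, eid)))
    # Default behaviour: assertion minted for sp-a, evaluated by sp-b.
    print(inspect_assertion(build_assertion(sp_a), sp_b))
    # Both properties set: the same assertion no longer names its audience.
    print(inspect_assertion(build_assertion(sp_a, True, True), sp_b))
```

Run as a script, the first inspection shows rejected_by_audience_check True (the assertion names sp-a, not sp-b) and an SPNameQualifier of sp-a; the second shows no AudienceRestriction and no SPNameQualifier, which is the shape the procedure produces and the reason the remaining signature and subject confirmation checks carry the full weight of deciding which service provider may consume the assertion.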