This setup example illustrates how to enable SAML SSO on two different Web Resources as two Service Providers.
Follow these steps:
Add login1.company.com as "DNS Name for Access Point" on the DNS Name tab, found in the Global Resource Settings section.
Add web1.company.com as "DNS Name to Pool" on the DNS Name tab, found in the Global Resource Settings section.
Add a Web Resource Host of your choice and verify that it responds to HTTP GET requests.
Select the "Advanced Settings" tab.
Set "Link Translation Type" to "Reserved DNS mapping".
Set "Mapped DNS Name for HTTP" to "web1.company.com", the host name the user will access to get to the resource.
Set "Access Point DNS" to "login1.company.com", the host name the user is redirected to for SAML login.
Add a new SAML Federation named "web1" and enable Role Service Provider.
Select the "Export" tab.
Enter the value "https://login1.company.com/sp" for "Entity ID".
Set "Access Point DNS Name" to "login1.company.com".
Click download metadata and import the Service Provider's metadata to the Identity Provider system. Also, import the Identity Provider's metadata to this SAML Federation. This is done in the "Role Service Provider" tab. Note: The Identity Provider setup is not covered here.
Save the SAML Federation when done.
Repeat all steps above for a second Web Resource Host, using for example login2.company.com and web2.company.com.
Click publish.
Open a browser and test access to "https://web1.company.com" and "https://web2.company.com"; verify that the correct Entity ID is used in each SAML authentication request.
Hint: Check that the Service Provider host name is different from the host name used by the Identity Provider. If both use e.g. *.company.com then the user's cookies could be overwritten, resulting in unexpected behaviour.
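One way to carry out the Entity ID check in the final test step, shown as an added example that is not part of the product or its documentation: it decodes the SAMLRequest parameter of the redirect URL copied from the browser and compares the Issuer with the Entity ID entered on the Export tab. It assumes the authentication request is sent with the HTTP-Redirect binding (DEFLATE plus Base64); the Identity Provider URL https://idp.example.net/sso and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def issuer_from_redirect(url):
    """Return (idp_host, issuer) from an HTTP-Redirect binding URL."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in URL")
    raw = base64.b64decode(params["SAMLRequest"][0])
    xml = zlib.decompress(raw, -15)  # raw DEFLATE stream, no zlib header
    issuer = ET.fromstring(xml).find("saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest has no Issuer")
    return parts.hostname, issuer.text.strip()


def check_entity_id(url, expected_entity_id):
    """Compare the Issuer in the request with the Entity ID set on the Export tab."""
    idp_host, issuer = issuer_from_redirect(url)
    return {"idp_host": idp_host, "issuer": issuer,
            "entity_id_ok": issuer == expected_entity_id}


def build_sample_redirect(entity_id, idp_url="https://idp.example.net/sso"):
    """Constructed sample standing in for a redirect URL copied from the browser."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
           'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
           '<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>' % entity_id)
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return idp_url + "?" + query


if __name__ == "__main__":
    # Entity ID for web1 is the value from the Export tab step above.
    url = build_sample_redirect("https://login1.company.com/sp")
    print(check_entity_id(url, "https://login1.company.com/sp"))
```

Run it once per Web Resource Host with the redirect URL captured for that host; a result with entity_id_ok set to False means the request was issued under a different SAML Federation than intended.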