Currently we are connecting our Splunk Searchheads to our idBroker. The idBroker supports the use of multiple id Providers.
According to the documentation, Splunk only uses three fields: role, realname and mail.
(https://docs.splunk.com/Documentation/Splunk/8.0.3/Security/ConfigureSSOinSplunkWeb and
https://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/Authenticationconf#Authentication_Response_...)
But since we will use multiple idProviders, we will need to map the scSourceIssuer too.
(http://schemas.swisscom.com/ws/2019/01/identity/claims/scSourceIssuer=scSourceIssuer)
Does anyone know who to solve that?
Request a feature on ideas.splunk.com, asking for support of more than 1 SAML IDP.