Currently we are connecting our Splunk Searchheads to our idBroker. The idBroker supports the use of multiple id Providers.
According to the documentation, Splunk only uses three fields: role, realname and mail.(https://docs.splunk.com/Documentation/Splunk/8.0.3/Security/ConfigureSSOinSplunkWeb andhttps://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/Authenticationconf#Authentication_Response_...)
But since we will use multiple idProviders, we will need to map the scSourceIssuer too. (http://schemas.swisscom.com/ws/2019/01/identity/claims/scSourceIssuer=scSourceIssuer)
Does anyone know who to solve that?
Request a feature on ideas.splunk.com, asking for support of more than 1 SAML IDP.