Tags: azure, iis, single-sign-on, microsoft-entra-id, shibboleth

SSO with Shibboleth and Azure on IIS site with 2 bindings


I have a site that hosts some apps on IIS. It is configured for SSO with Shibboleth and Azure. The issue is that I have a new URL now and I want it to work concurrently with the old one, SSO and all. E.g. the site had the URL site1.domain.old.com and now it also has site1.domain.new.com.

There is an app configured in Azure with 2 different registrations, one for each of the URLs. And we don't want to change anything about the original registration for the first URL, to avoid downtime.

The setup works, but the issue is that when a user uses the old URL, after the authentication with Azure, instead of being routed to site1.domain.old.com he gets sent to site1.domain.new.com.

I have tried several configurations in Shibboleth to fix this but nothing works, and sadly I have limited access to the Azure AD admin portal to troubleshoot this.

The final goal is for the site to have both bindings, each with its own registration in Azure for SSO, and for users to be redirected to the URL they used.


Solution

  • For anyone facing the issue in the future. The problem was solved by duplicating the site on IIS and giving it the new binding while it points to the same base dirs as the original site, and then creating a new integration in Azure for the new URL. In the Shibboleth conf just add the new site id with the site URL, as well as the entry and path, BUT adding the applicationId tag on the new site you want to authenticate. After that, before the closure of the section, add inside it an with the new URL, the appid you gave it in the section, and then make it point to the metadata of the new integration. Restart Shibboleth and IIS and both old and new URLs now have SSO and MFA working with the same code base in the background.
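To make the procedure in the answer concrete, here is an added illustration of what the relevant parts of the Shibboleth SP `shibboleth2.xml` look like once the duplicated IIS site is tied to its own Azure registration. This is not the answerer's configuration: the two hostnames come from the question, while the IIS site ids, the `applicationId` value (`site1new`), the SP entityIDs, the Azure tenant id and the metadata file names are assumptions that you must replace with your own values.

```xml
<!-- Added example configuration (not from the original post). Only the elements relevant to
     the two-binding setup are shown; the rest of shibboleth2.xml is left as the SP installer wrote it. -->
<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
          xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config"
          clockSkew="180">

  <InProcess>
    <ISAPI normalizeRequest="true" safeHeaderNames="true">
      <!-- Original IIS site. The id attribute must equal the numeric site ID shown in IIS Manager
           (assumed to be 1 here). No applicationId: it keeps using ApplicationDefaults below. -->
      <Site id="1" name="site1.domain.old.com"/>

      <!-- Duplicated IIS site with the new binding, pointing at the same content directories.
           applicationId (assumed value "site1new") selects the ApplicationOverride below, so
           requests arriving on this hostname use the second Azure registration and are sent
           back to the new hostname after authentication. -->
      <Site id="2" name="site1.domain.new.com" applicationId="site1new"/>
    </ISAPI>
  </InProcess>

  <!-- Defaults serve the original hostname and the original Azure registration (unchanged). -->
  <ApplicationDefaults entityID="https://site1.domain.old.com/shibboleth"
                       REMOTE_USER="eppn persistent-id targeted-id">
    <Sessions lifetime="28800" timeout="3600" checkAddress="false"
              handlerURL="/Shibboleth.sso" handlerSSL="true" cookieProps="https">
      <!-- Azure AD / Entra ID issuer for the tenant; TENANT-ID-PLACEHOLDER is a placeholder. -->
      <SSO entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">SAML2</SSO>
      <Logout>SAML2 Local</Logout>
      <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
      <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
      <Handler type="Session" Location="/Session" showAttributeValues="false"/>
    </Sessions>

    <!-- Federation metadata downloaded from the ORIGINAL enterprise application (assumed file name). -->
    <MetadataProvider type="XML" validate="true" path="azure-site1-old.xml"/>

    <!-- Override for the new hostname: its id matches the applicationId on Site id="2" above. -->
    <ApplicationOverride id="site1new" entityID="https://site1.domain.new.com/shibboleth">
      <Sessions lifetime="28800" timeout="3600" checkAddress="false"
                handlerURL="/Shibboleth.sso" handlerSSL="true" cookieProps="https">
        <SSO entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">SAML2</SSO>
        <Logout>SAML2 Local</Logout>
      </Sessions>
      <!-- Federation metadata downloaded from the NEW enterprise application (assumed file name). -->
      <MetadataProvider type="XML" validate="true" path="azure-site1-new.xml"/>
    </ApplicationOverride>
  </ApplicationDefaults>
</SPConfig>
```

Two things are worth checking after restarting the Shibboleth daemon and IIS. First, the entityID of each application (default and override) must match the Identifier (Entity ID) configured on the corresponding Azure registration, and each registration's Reply URL must be that hostname's `/Shibboleth.sso/SAML2/POST` endpoint; if the reply URL of the old registration still names the new host, users on the old URL will keep landing on the new one regardless of the SP configuration. Second, browsing to `https://site1.domain.new.com/Shibboleth.sso/Session` after signing in shows which application id handled the session, which is a quick way to confirm that the `applicationId` on the second `<Site>` was picked up rather than silently falling back to the defaults.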