
More than one ACS url


We are using PingFederate for SSO, and it is SP-initiated. PingFederate will act as the IdP. For the application there are 2 web servers (for high availability

My questions are:

  1. Can we provide two URLs as default? (In the console only one URL can be set as default. In this case, can we provide two comma-separated URLs?)
  2. Can a load balancer URL be provided as the ACS URL?

Thank you!


Solution

  • I think you want to publish the assertion consumer service URLs in SP metadata, as it is specific to the service provider.

    You can have a unique or the same ACS endpoint for each specific binding the SP supports, and the endpoint has to understand the response with respect to the binding from the IdP. Also, ACS endpoints can be indexed and any one can be set as default in the metadata. Example:

        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sts.contoso.com/adfs/ls/" index="0" isDefault="true" />
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sts.contoso.com/adfs/ls/" index="1" />
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sts.contoso.com/adfs/ls/" index="2" />
    

    As long as the IdP can reach the SP server from the outside world, you could use the load balancer URL.
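
How an ACS URL can be resolved from indexed SP metadata like the snippet above, as an added example that is not part of the original answer or PingFederate's own code; the `example.com` hosts, the metadata document and the function names are constructed for illustration. It applies the SAML metadata default-endpoint rule and accepts a requested URL only when it exactly matches a registered `Location`, so an assertion is never sent to an unregistered endpoint.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata; the example.com hosts are placeholders, not from the page.
SP_METADATA = f"""<EntityDescriptor xmlns="{MD_NS}" entityID="https://app.example.com/sp">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="{POST}" Location="https://lb.example.com/saml/acs" index="0" isDefault="true"/>
    <AssertionConsumerService Binding="{POST}" Location="https://web1.example.com/saml/acs" index="1"/>
    <AssertionConsumerService Binding="{POST}" Location="https://web2.example.com/saml/acs" index="2"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def load_acs(metadata_xml):
    """Return the registered ACS endpoints in document order."""
    root = ET.fromstring(metadata_xml)
    return [
        {"index": int(el.get("index")), "binding": el.get("Binding"),
         "location": el.get("Location"), "is_default": el.get("isDefault")}
        for el in root.iter(f"{{{MD_NS}}}AssertionConsumerService")
    ]

def default_acs(endpoints):
    """SAML metadata rule: first isDefault=true, else first without isDefault, else first."""
    for ep in endpoints:
        if ep["is_default"] in ("true", "1"):
            return ep
    for ep in endpoints:
        if ep["is_default"] is None:
            return ep
    return endpoints[0]

def resolve_acs(endpoints, index=None, url=None):
    """Pick the ACS Location for an AuthnRequest; reject anything not registered."""
    if index is not None and url is not None:
        raise ValueError("AssertionConsumerServiceIndex and ...URL are mutually exclusive")
    if index is not None:
        matches = [ep for ep in endpoints if ep["index"] == index]
    elif url is not None:
        # Exact string match only: no prefix, wildcard or host-only comparison.
        matches = [ep for ep in endpoints if ep["location"] == url]
    else:
        return default_acs(endpoints)["location"]
    if not matches:
        raise ValueError("requested ACS endpoint is not registered for this SP")
    return matches[0]["location"]
```
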