asp.net - How to determine which IdP to redirect from a SP?
I'm building SP-initiated single sign-on, and wondered what the best practice is for determining which identity provider to redirect the user to.
Here are the options I've come up with:
/sso/logon/acme, where acme is the name of a known IdP. We know the endpoint URL for that provider, and redirect the user. The downside is that an anonymous user can detect which IdPs we support by guessing names and checking for a redirect.
/sso/logon/1, where 1 is the ID of the identity provider. Same problem.
/sso/logon?endpointurl=http://idp.acme.com
We blindly redirect the AuthnRequest to the endpoint, and unauthorized endpoints are rejected when they respond.
/sso/logon/abcdefg, where abcdefg is a cryptographically secure random string. We look up the endpoint URL associated with the key, and know where to redirect. Similar to the first 2 options, but not guessable.
This must be a solved problem. What's the best way to handle this?
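
An added example, not part of the original question, illustrating the random-key lookup from the last option and an exact-match allowlist as an alternative to the blind redirect in the endpointurl option. IdpRegistry, its members and the example.test URLs are hypothetical, and RandomNumberGenerator.GetBytes(int) assumes .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// Hypothetical registry; class and member names are illustrative, not from any SSO library.
public sealed class IdpRegistry
{
    private readonly Dictionary<string, Uri> _byKey = new(StringComparer.Ordinal);

    // Register an IdP under an unguessable, URL-safe key (128 bits from the CSPRNG).
    public string Register(Uri ssoEndpoint)
    {
        if (!ssoEndpoint.IsAbsoluteUri || ssoEndpoint.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("IdP endpoint must be an absolute https URL.");
        string key = Convert.ToBase64String(RandomNumberGenerator.GetBytes(16))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        _byKey[key] = ssoEndpoint;
        return key;
    }

    // /sso/logon/{key}: unknown keys yield false, so the caller can return the
    // same generic response for every miss and reveal nothing about other IdPs.
    public bool TryResolveKey(string key, out Uri endpoint) =>
        _byKey.TryGetValue(key ?? string.Empty, out endpoint);

    // /sso/logon?endpointurl=...: honour the parameter only when it exactly
    // matches a registered endpoint, so the SP never redirects to an arbitrary URL.
    public bool IsRegisteredEndpoint(string endpointUrl) =>
        Uri.TryCreate(endpointUrl, UriKind.Absolute, out var u)
        && _byKey.Values.Any(e => e == u);
}

public static class Demo
{
    public static void Main()
    {
        var registry = new IdpRegistry();
        // Constructed sample endpoint.
        string key = registry.Register(new Uri("https://idp.example.test/sso"));

        Console.WriteLine(registry.TryResolveKey(key, out var ep) ? $"redirect to {ep}" : "404");
        Console.WriteLine(registry.TryResolveKey("acme", out _) ? "redirect" : "404");
        Console.WriteLine(registry.IsRegisteredEndpoint("https://idp.example.test/sso"));
        Console.WriteLine(registry.IsRegisteredEndpoint("https://unknown.example.test/sso"));
    }
}
```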