When you enable multiple identity providers (IdPs) for SAML, Abiquo automatically adds the corresponding security beans configuration.
However, a later platform upgrade may install new versions of the security beans files, and those versions do not include your additional IdPs.
In that case you must restore the security beans for the additional IdPs after the upgrade.
Upgrade steps for SAML with multiple IdPs
To carry the multi-IdP configuration through an Abiquo upgrade, do these steps:
- Before the upgrade, go to your SAML configuration directory at:
  /opt/abiquo/tomcat/webapps/api/WEB-INF/classes/springresources/security/saml
  and back up the following security beans files:
  - security-saml-generated-beans.xml
  - security-saml-provided-beans.xml
- After the upgrade, you may find new versions of these files with the extension ".rpmnew" (the package manager does not overwrite a configuration file that has local changes)
- Move the old files aside and rename the new files to the original file names
- Edit the new files and make the changes described below
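The backup and ".rpmnew" steps above as a script, added here as an example and not part of Abiquo: it uses the directory and file names from the page, and assumes a backup directory of your choice and an ".old" suffix for the superseded file. demo() runs both steps on a constructed scratch directory rather than a real install.

```python
"""Pre- and post-upgrade handling of the two SAML beans files.

Added example, not Abiquo tooling. The directory and file names are the
page's; the backup directory, the ".old" suffix given to the superseded
file, and the scratch directory built in demo() are assumptions.
"""
import shutil
import tempfile
from pathlib import Path

SAML_DIR = Path("/opt/abiquo/tomcat/webapps/api/WEB-INF/classes/springresources/security/saml")
BEANS_FILES = ("security-saml-generated-beans.xml", "security-saml-provided-beans.xml")


def backup_beans(saml_dir, backup_dir):
    """Before the upgrade: copy both beans files (mtime preserved) into backup_dir.
    Returns the copies made, so the caller can stop if one file was not there."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    copied = []
    for name in BEANS_FILES:
        src = saml_dir / name
        if src.is_file():
            copied.append(Path(shutil.copy2(src, backup_dir / name)))
    return copied


def adopt_rpmnew(saml_dir):
    """After the upgrade: rpm leaves <file>.rpmnew next to a config file that had
    local edits. Keep the edited file as <file>.old and install the packaged
    version under the real name. Returns {file name: "replaced" | "adopted"}."""
    actions = {}
    for new in sorted(saml_dir.glob("*.rpmnew")):
        original = new.with_suffix("")  # drops only ".rpmnew"; ".xml" stays
        if original.exists():
            original.replace(original.with_name(original.name + ".old"))
            actions[original.name] = "replaced"
        else:
            actions[original.name] = "adopted"
        new.replace(original)
    return actions


def demo():
    """Run both steps on a constructed scratch copy of the SAML directory
    (sample content, not a real install) and report what happened."""
    root = Path(tempfile.mkdtemp())
    saml = root / "saml"
    saml.mkdir()
    (saml / BEANS_FILES[0]).write_text("<beans>edited generated beans</beans>\n")
    (saml / BEANS_FILES[1]).write_text("<beans>edited provided beans</beans>\n")
    copied = backup_beans(saml, root / "backup")
    # Simulate the upgrade: the package refused to overwrite the edited file.
    (saml / (BEANS_FILES[0] + ".rpmnew")).write_text("<beans>packaged generated beans</beans>\n")
    actions = adopt_rpmnew(saml)
    return {
        "backed_up": sorted(p.name for p in copied),
        "actions": actions,
        "live": (saml / BEANS_FILES[0]).read_text(),
        "old": (saml / (BEANS_FILES[0] + ".old")).read_text(),
        "backup": (root / "backup" / BEANS_FILES[0]).read_text(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

On a real host call backup_beans(SAML_DIR, Path("/root/saml-backup")) before the upgrade and adopt_rpmnew(SAML_DIR) after it; the packaged file is then live and you re-apply the IdP beans edits to it, with the ".old" copy and the backup as your reference.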
SAML security beans and default IDP configuration
To add the SAML security beans for each IdP and set the defaultIDP property on the metadata bean:
Do not copy the example below! Modify the configuration files of your current software version.
Create the defaultIDP property after the constructor-arg of the metadata bean, so that the default IdP ID is read from abiquo.properties:
<property name="defaultIDP" value="${abiquo.saml.metadata.identityprovider.default.id}"/>
Add a reference for each IdP to the list in the constructor-arg. The delegate beans are numbered from 0, so the first IdP is "ipdMetadataDelegate0". In this example we added a reference to bean "ipdMetadataDelegate1" for the second IdP:
<constructor-arg>
  <list>
    <ref bean="ipdMetadataDelegate0"/>
    <ref bean="ipdMetadataDelegate1"/>
  </list>
</constructor-arg>
Copy the first delegate bean and modify the copy to create the second bean.
Change the bean ID so that it matches the reference you added to the list above. Spring refuses to load the API context if a ref does not resolve to a defined bean ID.
<bean id="ipdMetadataDelegate1"
In the FilesystemResource value, set the index of the split() expression so that it picks this IdP's metadata file from the comma-separated list in the abiquo.saml.metadata.identityprovider.path property of abiquo.properties. Indexes start at 0, so the second IdP in our example uses 1:
<bean class="org.opensaml.util.resource.FilesystemResource">
  <constructor-arg value="#{'${abiquo.saml.metadata.identityprovider.path}'.split(',')[1]}" />
</bean>
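A check for the hand-edited result, added here as an example and not Abiquo code: it renders a metadata bean with its delegates in the shape shown above for any number of IdPs, and verifies a beans fragment against the IdP list in abiquo.properties, catching the mistakes this edit invites: a ref to a bean ID that was never defined, a split() index past the end of the path list, two delegates reading the same path, and a defaultIDP that does not come from the property. The IdP file paths and entity ID in PROPERTIES are constructed; the parserPool bean that the delegates reference is defined elsewhere in the real file and is not checked.

```python
"""Check a hand-edited multi-IdP metadata bean configuration against abiquo.properties.

Added example, not Abiquo code. render_metadata_beans() produces a fragment in the
shape the page shows for any number of IdPs; check_metadata_beans() verifies that every
<ref> in the metadata list names a defined bean, every delegate reads a path index that
exists and is not reused, and defaultIDP comes from the property. Bean ids, namespace
and property names follow the page; the paths and entity ID in PROPERTIES are constructed.
"""
import re
import xml.etree.ElementTree as ET

NS = {"b": "http://www.springframework.org/schema/beans"}
PATH_PROP = "abiquo.saml.metadata.identityprovider.path"
DEFAULT_PROP = "abiquo.saml.metadata.identityprovider.default.id"
# The SpEL expression the page uses to pick one path out of the comma-separated list.
SPLIT_RE = re.compile(r"#\{'\$\{" + re.escape(PATH_PROP) + r"\}'\.split\(','\)\[(\d+)\]\}")

# Constructed abiquo.properties fragment: two IdPs, the first one is the default.
PROPERTIES = """\
abiquo.saml.metadata.identityprovider.path=/opt/abiquo/saml/idp-corp.xml,/opt/abiquo/saml/idp-partner.xml
abiquo.saml.metadata.identityprovider.default.id=https://idp-corp.example.com/saml/metadata
"""


def delegate_bean(bean_id, index):
    """One ExtendedMetadataDelegate bean reading IdP metadata path `index` (0-based)."""
    return f"""
  <bean id="{bean_id}" class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
    <constructor-arg>
      <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
        <constructor-arg><bean class="java.util.Timer"/></constructor-arg>
        <constructor-arg>
          <bean class="org.opensaml.util.resource.FilesystemResource">
            <constructor-arg value="#{{'${{{PATH_PROP}}}'.split(',')[{index}]}}"/>
          </bean>
        </constructor-arg>
        <property name="parserPool" ref="parserPool"/>
      </bean>
    </constructor-arg>
  </bean>"""


def render_metadata_beans(bean_ids):
    """Metadata bean listing `bean_ids` in order plus one delegate per id; delegate N reads path N."""
    refs = "\n".join(f'        <ref bean="{b}"/>' for b in bean_ids)
    delegates = "".join(delegate_bean(b, i) for i, b in enumerate(bean_ids))
    return f"""<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
    <constructor-arg>
      <list>
{refs}
      </list>
    </constructor-arg>
    <property name="defaultIDP" value="${{{DEFAULT_PROP}}}"/>
  </bean>{delegates}
</beans>
"""


BEANS = render_metadata_beans(["ipdMetadataDelegate0", "ipdMetadataDelegate1"])


def parse_properties(text):
    """Minimal key=value parser for the abiquo.properties lines we need."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def check_metadata_beans(beans_xml, properties):
    """Return a list of problems; an empty list means the two files agree."""
    problems = []
    idp_paths = [p.strip() for p in parse_properties(properties).get(PATH_PROP, "").split(",") if p.strip()]
    root = ET.fromstring(beans_xml)
    defined = {b.get("id"): b for b in root.iter(f"{{{NS['b']}}}bean") if b.get("id")}
    metadata = defined.get("metadata")
    if metadata is None:
        return ['no bean with id="metadata"']
    default = metadata.find("b:property[@name='defaultIDP']", NS)
    if default is None:
        problems.append("metadata bean has no defaultIDP property")
    elif default.get("value") != "${" + DEFAULT_PROP + "}":
        problems.append(f"defaultIDP should be ${{{DEFAULT_PROP}}}, found {default.get('value')!r}")
    refs = [r.get("bean") for r in metadata.findall("b:constructor-arg/b:list/b:ref", NS)]
    if len(refs) != len(idp_paths):
        problems.append(f"{len(refs)} delegate refs but {len(idp_paths)} IdP path(s) in {PATH_PROP}")
    used = set()
    for ref in refs:
        delegate = defined.get(ref)
        if delegate is None:
            problems.append(f"ref to undefined bean {ref!r}")
            continue
        arg = delegate.find(".//b:bean[@class='org.opensaml.util.resource.FilesystemResource']/b:constructor-arg", NS)
        match = SPLIT_RE.fullmatch(arg.get("value", "") if arg is not None else "")
        if not match:
            problems.append(f"{ref}: FilesystemResource path is not a split() of {PATH_PROP}")
            continue
        index = int(match.group(1))
        if index >= len(idp_paths):
            problems.append(f"{ref}: split index {index} but only {len(idp_paths)} path(s) configured")
        if index in used:
            problems.append(f"{ref}: split index {index} is already used by another delegate")
        used.add(index)
    return problems


if __name__ == "__main__":
    print(check_metadata_beans(BEANS, PROPERTIES) or "metadata beans and abiquo.properties agree")
```

Run it against your edited file with check_metadata_beans(open(beans_path).read(), open(props_path).read()) before restarting Tomcat; an empty list means the refs, the bean IDs and the path indexes line up.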
Example of two IdPs from Abiquo 5.2.1
This example shows the initial configuration that Abiquo creates when you first configure SAML with multiple IdPs.
Remember that after an upgrade you must work from the files that the upgrade installed on your system. Do not copy this file!
<!-- IdP and SP metadata definition -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
  <constructor-arg>
    <list>
      <ref bean="ipdMetadataDelegate0"/>
      <ref bean="ipdMetadataDelegate1"/>
    </list>
  </constructor-arg>
  <property name="defaultIDP" value="${abiquo.saml.metadata.identityprovider.default.id}"/>
</bean>

<!-- First IdP: reads path 0 of abiquo.saml.metadata.identityprovider.path -->
<bean id="ipdMetadataDelegate0" class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
  <constructor-arg>
    <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
      <constructor-arg>
        <bean class="java.util.Timer"/>
      </constructor-arg>
      <constructor-arg>
        <bean class="org.opensaml.util.resource.FilesystemResource">
          <constructor-arg value="#{'${abiquo.saml.metadata.identityprovider.path}'.split(',')[0]}" />
        </bean>
      </constructor-arg>
      <property name="parserPool" ref="parserPool"/>
    </bean>
  </constructor-arg>
</bean>

<!-- Second IdP: reads path 1 of abiquo.saml.metadata.identityprovider.path -->
<bean id="ipdMetadataDelegate1" class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
  <constructor-arg>
    <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
      <constructor-arg>
        <bean class="java.util.Timer"/>
      </constructor-arg>
      <constructor-arg>
        <bean class="org.opensaml.util.resource.FilesystemResource">
          <constructor-arg value="#{'${abiquo.saml.metadata.identityprovider.path}'.split(',')[1]}" />
        </bean>
      </constructor-arg>
      <property name="parserPool" ref="parserPool"/>
    </bean>
  </constructor-arg>
</bean>