We are looking to present Passwordstate via different URLs to our internal & external users (external users proxied via a browser-based VPN), while still using the SAML protocol to authenticate users and the same IDP configuration.
When decoding a SAML auth request from Passwordstate, the optional AssertionConsumerServiceURL value is not included. Since this value is not specified, the IDP will always redirect users to the default AssertionConsumerServiceURL configured in the IDP, despite other AssertionConsumerServiceURLs being present in the IDP configuration - which means that regardless of the URL used to access Passwordstate, the user will always be directed to the default IDP replyURL.
If this field was built from the user's current URL/domain and supplied in the request, then as long as the URL used is configured in the IDP, the IDP will redirect the user to their original URL on successful auth. This would enable 1 IDP configuration to be used for multiple app URLs/domains.
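
The behaviour described in the post, as an added example that is not part of the original post and not Passwordstate or IdP vendor code: it decodes an HTTP-Redirect `SAMLRequest`, reads the optional `AssertionConsumerServiceURL`, and picks the reply URL from an exact-match list. The hostnames, paths, the `TEMPLATE` request and the helper names are constructed assumptions, and the exact-match rule is an assumed IdP policy.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

# Constructed IdP registration; hostnames and paths are placeholders.
# The first entry plays the role of the IdP's default reply URL.
REGISTERED_ACS = [
    "https://passwordstate.internal.example/acs",
    "https://vpn.external.example/passwordstate/acs",
]

# Constructed AuthnRequest skeleton; {acs} is empty or the optional attribute.
TEMPLATE = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"{acs}/>'
)

def build_request(acs_url=None):
    """Return a SAMLRequest value as sent on the HTTP-Redirect binding."""
    attr = f' AssertionConsumerServiceURL="{acs_url}"' if acs_url else ""
    deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    data = deflater.compress(TEMPLATE.format(acs=attr).encode()) + deflater.flush()
    return base64.b64encode(data).decode()

def requested_acs(saml_request):
    """Decode a SAMLRequest and return its AssertionConsumerServiceURL or None."""
    xml = zlib.decompress(base64.b64decode(saml_request), -15)
    return ET.fromstring(xml).get("AssertionConsumerServiceURL")

def idp_reply_url(saml_request, registered=REGISTERED_ACS):
    """Pick the reply URL the way the post describes the IdP behaving."""
    acs = requested_acs(saml_request)
    if acs is None:
        return registered[0]       # attribute omitted: the default always wins
    if acs not in registered:      # exact match only, never echo an unknown URL
        raise ValueError(f"ACS URL not registered: {acs}")
    return acs

if __name__ == "__main__":
    print(idp_reply_url(build_request()))                   # request without the attribute
    print(idp_reply_url(build_request(REGISTERED_ACS[1])))  # request naming the external URL
```

`requested_acs` can be pointed at a `SAMLRequest` value captured from a browser redirect (URL-decoded first) to confirm whether the attribute is present.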