I had an interesting use case come up this morning and I am wondering if there are any “federation” products that can handle it. My client would like to configure the IDP to handle different sets of users (let’s call them “internal” and “external”). To keep the external users from being redirected to the IDP directly, it has been front-ended with a proxy (Apache HTTP) located in the DMZ. Internal users should have access to the same SPs … but we probably don’t want the internal users getting redirected to the proxy located in the DMZ. One of the products that I work with can only have one “server url” configured (that I know of) … do other products allow for multiple URLs to be configured? Would love to hear if this is actually a “problem” and, if so, how other vendors have implemented it. The easy solution on our part is to deploy another federation server (IDP) to handle the different users … personally I hate to keep telling the customer to deploy a new instance each time a new use case comes up. I don’t think that scales very well.