simplesamlphp-module-oidc
Support for Multiple OpenID Connect Providers per Instance
Currently, the SimpleSAMLphp OpenID Connect module does not support multiple OpenID Connect (OIDC) providers per instance. In contrast, SimpleSAMLphp natively supports multiple SAML Identity Providers (IdPs) by defining multiple metadata entries, like so:
<?php
/* The index of the array is the entity ID of this IdP. */
$metadata['entity-id-1'] = array(
'host' => 'idp.example.org',
/* Configuration options for the first IdP. */
);
$metadata['entity-id-2'] = array(
'host' => '__DEFAULT__',
/* Configuration options for the default IdP. */
);
It would be great if a similar approach could be implemented for OIDC providers, allowing a single SimpleSAMLphp instance to serve multiple OIDC configurations.
Is there any existing workaround for this? Would this be feasible within the current architecture of the module? Any guidance on where to start if someone wants to contribute to this feature?
Huh, the module currently assumes a single set of provider settings... However, I think you could take advantage of SIMPLESAMLPHP_CONFIG_DIR like described in SSP docs: https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#location-of-configuration-files
So, I can imagine multiple VirtualHosts each pointing to different configuration files with relevant configurations per OP. Since the configs are plain PHP files, I think I would also create some default config files, and then extend those per OP...
How does that sound?
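As an added illustration of the per-VirtualHost workaround sketched in the reply above (this is example code, not code from the module or its maintainers): each OP gets its own configuration directory, each VirtualHost selects it with SIMPLESAMLPHP_CONFIG_DIR, and the per-OP module_oidc.php pulls in a shared base file and overrides only what differs. The directory layout, the base file, and the option keys issuer, privateKeyName and certificateName are assumptions made for the example; check the key names against the module's own config template before using this.

```php
<?php
/*
 * Added example, not part of the module. Assumed layout:
 *
 *   /var/simplesamlphp/config-base/module_oidc.php   shared defaults
 *   /var/simplesamlphp/config-op1/module_oidc.php    this file
 *   /var/simplesamlphp/config-op2/module_oidc.php    same pattern, second OP
 *
 * Each VirtualHost selects its directory, as in the SSP install docs:
 *
 *   <VirtualHost *:443>
 *       ServerName op1.example.org
 *       SetEnv SIMPLESAMLPHP_CONFIG_DIR /var/simplesamlphp/config-op1
 *       ...
 *   </VirtualHost>
 *
 * config.php, authsources.php and the metadata files live in each
 * directory too, so the OPs can differ in secretsalt, auth source and
 * cookie settings, not only in the OIDC options.
 */

// Pull in the shared defaults. A file loaded with require runs in this
// scope, so the base file's `$config = [...]` assignment lands here and
// can be overridden below.
require '/var/simplesamlphp/config-base/module_oidc.php';

// Overrides for this OP. The option keys are assumed for the example.

// Issuer advertised in the discovery document; it must match the host
// this VirtualHost serves or relying parties will reject the tokens.
$config['issuer'] = 'https://op1.example.org';

// A signing key per OP, so that a key compromise on one OP does not let
// an attacker mint tokens that the other OP's relying parties accept.
$config['privateKeyName'] = 'oidc_op1.key';
$config['certificateName'] = 'oidc_op1.crt';

// Refuse to start with a base placeholder left in place, the usual
// mistake when a new per-OP directory is copied from the base.
foreach (['issuer', 'privateKeyName', 'certificateName'] as $required) {
    if (empty($config[$required])) {
        throw new RuntimeException(
            "module_oidc.php: '$required' is not set for this OP"
        );
    }
}
```

One thing to keep straight with this layout: it separates configuration, not storage. If both directories' config.php point the module at the same database, registered clients, authorization codes and tokens are shared between the two OPs; give each OP its own store unless that sharing is intended.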