Newbie here trying to work out a solution for this login scenario: There are multiple, unrelated G Suite domains that we'd like to set up for Enterprise login. Since each domain is considered a different IdP, it looks like I need to set up a federation of Identity Providers and provide a discovery service.
I found Shibboleth's EDS and configured it with 2 of the domains. For simplicity's sake I am hosting it on the same server as Portal itself (/arcgis/home/wayf).
When selecting the Enterprise Login option at the sign-in screen, the discovery page renders correctly. But selecting a domain results in a 400 error:
Unable to login using Idp sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
One possible cause is that, while configuring the federation in Portal's settings, I didn't have a value for the certificate, so I ended up using one of the IdPs' instead. Other than that, I'm not sure how to continue troubleshooting this. Any suggestions or alternative approaches?