Recommendation for IDP management.

We have a website which works as SP-Initiated saml authentication. We have set up with one IDP client as of now and plan to have more. I need a recommendation for the following. 1. What is the best way to manage IDP’s and various possible configuration 2. With the first Idp client, we retrieved the required configuration from the metadata file and saved in Database through db scripts a. Is this recommended with many IDP client? b. Should we use a metadata file strictly to manage all configurations? c. Also, is their better tool to manage/configure IDPs? 3. How to manage certificate file /key files for each environment? a. Is there a tool to show it /manage/update if required? 4. We are a web farm in production. Can we generate separate log each IDP client for troubleshooting Since we are going to support multiple IDPs, I need a better way to set, manage, and troubleshoot. Please reply asap as we need to make a decision for our next production release.

We would like to answer them as follows: - **What is the best way to manage IDP’s and various possible configuration** You would need to save their info and certs to each folder / or DB record. - **With the first Idp client, we retrieved the required configuration from the metadata file and saved in Database through db scripts a. Is this recommended with many IDP client? b. Should we use a metadata file strictly to manage all configurations? c. Also, is their better tool to manage/configure IDPs?** You need a way to identify an IdP, so the way you are doing is what we would recommend. - **How to manage certificate file /key files for each environment? a. Is there a tool to show it /manage/update if required?** You should have your own code to manage the files. - **We are a web farm in production. Can we generate separate log each IDP client for troubleshooting** Yes, but I suggest getting the source code version to modify how the log files are created.