SAML authentication distributed monitoring

In essence this all boils down to:

SAML does not allow for 1-to-many because of the trust-relation based on both metadata and certificates.

In my opinion the only way a 1-to-many trust/federative link can be achieved is via OIDC.

This is because the relationship compared to SAML is different, where OIDC is able to allow multiple response URLs (redirect URIs).
In particular this part is useful in clustered or distributed setups, as it's able to authenticate and receive information afterwards on different nodes.
As long as the redirect URL/URI is registered with the IdP, this should work for every node.

  • Glowsome
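
Added example, not part of the original post: a check that every node's redirect URI is registered with the IdP, using the exact string comparison that OIDC Core requires (a trailing slash or an unregistered host fails). The client registration, host names, callback path and endpoint are constructed assumptions, and the HTTPS-only rule is a policy choice of this sketch.

```python
from urllib.parse import urlencode, urlsplit

# Constructed client registration as an IdP might store it (assumed values).
REGISTERED_CLIENT = {
    "client_id": "monitoring-cluster",
    "redirect_uris": [
        "https://node1.example.org/site/oidc/callback",
        "https://node2.example.org/site/oidc/callback",
    ],
}
# Constructed node list; node3 has not been registered with the IdP yet.
NODES = ["node1.example.org", "node2.example.org", "node3.example.org"]
CALLBACK_PATH = "/site/oidc/callback"  # hypothetical callback path


def node_redirect_uri(host):
    """Redirect URI a given node would send in its authentication request."""
    return f"https://{host}{CALLBACK_PATH}"


def redirect_uri_allowed(client, redirect_uri):
    """IdP-side check: exact match against registered values, no prefixes or wildcards."""
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or parts.fragment:
        return False  # policy of this sketch: HTTPS only, no fragment
    return redirect_uri in client["redirect_uris"]


def unregistered_nodes(client, nodes):
    """Nodes whose logins the IdP would reject because their URI is not registered."""
    return [h for h in nodes if not redirect_uri_allowed(client, node_redirect_uri(h))]


def authorization_url(authz_endpoint, client, host, state, nonce):
    """Build the authorization-code request for one node, refusing unregistered URIs."""
    uri = node_redirect_uri(host)
    if not redirect_uri_allowed(client, uri):
        raise ValueError(f"redirect_uri not registered for this client: {uri}")
    query = urlencode({
        "response_type": "code",
        "client_id": client["client_id"],
        "redirect_uri": uri,
        "scope": "openid",
        "state": state,  # ties the response to the session on the node that started the login
        "nonce": nonce,  # echoed in the ID token so the node can detect replay
    })
    return f"{authz_endpoint}?{query}"


if __name__ == "__main__":
    print("Not registered with the IdP:", unregistered_nodes(REGISTERED_CLIENT, NODES))
```

Running it against the constructed data reports `node3.example.org` as the node that still needs its redirect URI registered.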