Common Domain and Identity Provider Discovery

The Security Assertion Markup Language (SAML) 2.0 service provider uses common domain cookies (CDC) to determine which identity provider it should send a request to. The common domain is the domain where the CDC resides, and it is known to both the identity provider and the service provider. Identity providers identify themselves to a service provider by writing their alias into the CDC. The service provider of SAP NetWeaver Application Server reads the alias from the CDC.

This service provider includes an internal read service for identity provider discovery. It can also use an external read service. When enabled, these services read CDCs to help the service provider determine which identity provider to use. Whether to use the external or the internal read service depends on your network architecture:

  • If the service provider shares the same domain with the common domain, use the internal service.

  • If the service provider exists in a different domain from the common domain, use the external service.

For more information, see Influencing the Identity Provider Used by the Service Provider.
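
The read step described above can be sketched as follows. This is an added example, not SAP code: it reads a CDC and keeps only identity providers that the service provider already trusts, because the cookie is written outside the service provider and arrives from the browser. It assumes the cookie name and encoding of the OASIS SAML 2.0 Identity Provider Discovery Profile (`_saml_idp`, a URL-encoded, space-separated list of base64 values with the most recent entry last); the identity provider identifiers, `TRUSTED_IDPS` and all function names are hypothetical, and the way SAP NetWeaver stores the alias may differ.

```python
import base64
from urllib.parse import quote, unquote

CDC_NAME = "_saml_idp"  # cookie name from the OASIS discovery profile (assumption)

# Hypothetical identity providers configured as trusted on this service provider.
TRUSTED_IDPS = {"https://idp1.example.com", "https://idp2.example.com"}


def parse_cdc(cookie_value):
    """Decode a CDC value into identity provider identifiers, oldest first."""
    idps = []
    for token in unquote(cookie_value).split(" "):
        if not token:
            continue
        try:
            idps.append(base64.b64decode(token, validate=True).decode("utf-8"))
        except ValueError:
            # Covers invalid base64 and invalid UTF-8; the cookie is
            # client-controlled, so malformed entries are dropped.
            continue
    return idps


def select_idp(cookie_value, trusted=TRUSTED_IDPS):
    """Return the most recently written trusted identity provider, or None."""
    for idp in reversed(parse_cdc(cookie_value)):
        if idp in trusted:
            return idp
    return None  # caller falls back to a default IdP or a selection page


def encode_cdc(idps):
    """Build a cookie value in the profile's encoding (used for sample data)."""
    tokens = (base64.b64encode(i.encode("utf-8")).decode("ascii") for i in idps)
    return quote(" ".join(tokens))


# Constructed sample: two trusted entries followed by one unknown entry.
SAMPLE = encode_cdc(["https://idp1.example.com",
                     "https://idp2.example.com",
                     "https://unknown.example.net"])

if __name__ == "__main__":
    print(CDC_NAME, "=", SAMPLE)
    print(parse_cdc(SAMPLE))
    print(select_idp(SAMPLE))
```
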

Example

Common Domain is the Shared Domain

Service Provider, Identity Provider, and Common Domain Cookie All Share the Same Domain

Common Domain is a Different Domain

Service Provider and Identity Provider Reside in Different Domains and Access Common Domain Cookie in Common Domain