From db09519fc617de03f349562401c16ba684f3c4e4 Mon Sep 17 00:00:00 2001 From: Thijs Kinkhorst Date: Wed, 11 Jan 2023 14:26:25 +0100 Subject: [PATCH] Clarify discovery requirements when using multiple IdPs Closes: #108 --- README.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index c121133..1722559 100644 --- a/README.md +++ b/README.md @@ -452,14 +452,20 @@ MellonDiagnosticsEnable Off # MellonIdPMetadataFile is the full path to the file which contains # metadata for the IdP you are authenticating against. This - # directive is required. Multiple IdP metadata can be configured - # by using multiple MellonIdPMetadataFile directives. + # directive is required. # + # An optional validating chain can be supplied as a second argument + # to MellonIdPMetadataFile. If omitted, no metadata validation will + # take place. + # + # Multiple IdP metadata can be configured by using multiple + # MellonIdPMetadataFile directives. # If your lasso library is recent enough (higher than 2.3.5), # then MellonIdPMetadataFile will accept an XML file containing - # descriptors for multiple IdP. An optional validating chain can - # be supplied as a second argument to MellonIdPMetadataFile. If - # omitted, no metadata validation will take place. + # descriptors for multiple IdPs. + # If you have multiple IdPs enabled, you will need to provide a + # discovery method to pick the right IdP for this user (see below), + # if none is given, Mellon will fall back to the first listed. # # Default: None set. MellonIdPMetadataFile /etc/apache2/mellon/idp-metadata.xml
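Review bot: The last added sentence in the README.md hunk ("... to pick the right IdP for this user (see below), if none is given, Mellon will fall back to the first listed.") is a comma splice and leaves "first listed" ambiguous. It could mean the first MellonIdPMetadataFile directive in the configuration or the first descriptor inside a multi-IdP XML file. Suggest splitting it into two sentences, naming the discovery directive instead of "see below", and saying which ordering decides the fallback, since a silent fallback to an unintended IdP is something an administrator needs to be able to predict. Separately, moving the validating-chain paragraph above the lasso version note changes how it reads: before, it followed the "higher than 2.3.5" condition, and now it appears unconditional. Please confirm the second argument works regardless of lasso version. Also consider stating that the chain is given per directive, because the sample line "MellonIdPMetadataFile /etc/apache2/mellon/idp-metadata.xml" has no second argument and, per the new text, gets no metadata validation.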