Shibboleth setup.. So close but can use some help..

Cantor, Scott cantor.2 at
Fri Sep 23 22:07:48 BST 2011

On 9/23/11 4:55 PM, "Garry Boyce" <gboyce at> wrote:
><SSO entityID=""
>Note: This seems to need /idp otherwise I get errors about no metadata and
>never get to login screen (I assume this means that this entityID must be
>the same as the idp entity id

The names are what you assign them to be and there is no requirement that
they have "idp" in them or anything like that. In that case, it's asking
you to tell it the IdP to use, so you give it the name of the IdP.

The purpose of any given field is what it's documented to be, not what its
name implies absent the context. The fact that two properties are called
entityID means they are both, well, that, but it doesn't mean the purpose
of the properties is the same. I realize that I'm among the few that finds
that less confusing rather than more.

It happens that using the same name for an IdP and an SP causes a hard to
identify problem in the IdP. It's probably possible to make it work if you
understand metadata and combine the two instances, but serves no purpose
other than to confuse.

-- Scott

More information about the users mailing list