Beginner ECP question

Terry Soucy terry.soucy at
Tue Sep 27 19:37:27 BST 2011

Hi Scott,

> Which entityID? You mean the SP? You shouldn't need entries for SPs, not
> in general anyway. The default is fine.

For our Windows Live at EDU setup, we have to have that in our relying-party.xml

<!-- Windows Live -->
<rp:RelyingParty id="uri:WindowsLiveID"
   <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
       encryptNameIds="never" />
       encryptNameIds="never" />

The documentation that MS provided me with is for ECP setup BEFORE ECP  
was part of the core IdP install, so I've pieced together what I know,  
and found that I don't need much of the edits they tell me to do.   
When Icheck the status of the IdP, these two profiles are returned for  
uri:WindowsLiveID ..

configured_communication_profile: urn:mace:shibboleth:2.0:profiles:saml2:sso
configured_communication_profile: urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp

> Mainly authentication, possibly via web.xml and container, or Apache, or
> something else.

Unfortunately, since I'm dealing with MS on this, I have no access to  
the other end and can not use that in my troubleshooting.  I guess  
what I'm after is, can I expect my IdP to respond to ECP requests  
given the above config and information?  That's really all I see that  
needs to be changed, or at least I hope it is.  I'm assuming that  
since the communication profile is loaded, that it has all of the  
necessary xml schema information in the default install.


Terry Soucy, Systems Analyst             Integrated Technology Services
University of New Brunswick, Fredericton Campus
Voice: 506.447.3018     Fax: 506.453.3590    E-mail: terry.soucy at
**    ITS is a scent-reduced workplace -    **

More information about the users mailing list