Shib 1.3

Lohr, Donald lohrda at jmu.edu
Tue Nov 20 17:06:01 EST 2012


Sorry for the delay.  If I understand you correctly, in my idp.xml file 
where I find my existing:

<MetadataProvider
    type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
    uri="file:/usr/local/shibboleth-idp/etc/InCommon-metadata.xml"/>

...I'd add an additional provider for the non-InCommon SP that I want to 
incorporate into my Shibboleth v1.3 service, correct?

<MetadataProvider
    type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
    uri="file:/usr/local/shibboleth-idp/etc/InCommon-metadata.xml"/>

<MetadataProvider
    type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
    uri="file:/usr/local/shibboleth-idp/etc/Acme-metadata.xml"/>


Don

On 10/31/12 11:18 AM, Michael A Grady wrote:
> First, as Scott said, if the SP only supports SAML 2 there is nothing you can do but upgrade your IdP.
>
> If they support SAML 1.1, here is the old documentation covering what you need:
>
> For the Shib 1.3 IdP, look at:
>
> https://wiki.shibboleth.net/confluence/display/SHIB/IdPRelyingConfig
>   basically, you'd add one more:
>     <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadataLoadWrapper" uri="pathname"/>
> into your IdP's main config file.
>
> Now, if the SP can't give you the metadata needed, you might also have to look at the following:
>
>   https://wiki.shibboleth.net/confluence/display/SHIB/AddSP#AddSP-NoMutualFederation
>
> On Oct 31, 2012, at 10:07 AM, Cantor, Scott wrote:
>
>> On 10/31/12 10:59 AM, "Lohr, Donald" <lohrda at jmu.edu> wrote:
>>
>>> We have Shib v2 on our roadmap, but are not there yet.  All of the SP's
>>> we interact with are InCommon Participants.  We have been asked to
>>> connect Shib to a new non-InCommon Service Provider.
>>
>> Shibboleth doesn't know anything about InCommon, so there's no difference
>> to it. InCommon is a way of managing metadata and trust, it doesn't
>> preclude others.
>>
>>> Being new to Shib, especially 1.3 (which is using SAML 2x),
>>
>> Shibboleth 1.3 does not support SAML 2. If your new SP is SAML 2 only,
>> then you cannot connect to it.
>>
>>> can I configure my current Shib
>>> 1.3 environment to jointly get/send metadata to 1) InCommon and 2) this
>>> new non-InCommon SP?
>>
>> Yes, it has roughly similar capabilities in terms of supporting multiple
>> metadata files.
>>
>>> If so, what documentation exists that can guide me through making the
>>> necessary configuration changes to my existing Shib 1.3 environment?
>>
>> The old 1.3 documentation in the wiki, I suppose.
>>
>> -- Scott
>>
>>
>> --
>> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>
>
> --
> Michael A. Grady
> Senior IAM Consultant, Unicon, Inc.
>

-- 
D o n a l d   L o h r

i n f o r m a t i o n   s y s t e m s
j a m e s   m a d i s o n   u n i v e r s i t y

5 4 0 . 5 6 8 . 3 7 3 0
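
A pre-restart check for the multi-provider setup discussed in this thread, added here as an example and not code from the thread or from the Shibboleth project: it lists which entityIDs each MetadataProvider file brings into the IdP's trust set and flags duplicate providers, unreadable files, and entityIDs defined in more than one file. The IdPConfig wrapper, the entityIDs, the sample file contents and the `load` parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML metadata namespace

def read_file_uri(uri):
    """Default loader: read a file: URI from local disk."""
    with open(urlparse(uri).path, encoding="utf-8") as fh:
        return fh.read()

def audit_providers(idp_xml, load=read_file_uri):
    """Map each entityID to the provider files that define it; collect problems."""
    sources, problems, seen = {}, [], set()
    for el in ET.fromstring(idp_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "MetadataProvider":  # ignore namespace
            continue
        uri = el.get("uri", "")
        if uri in seen:
            problems.append(f"duplicate provider: {uri}")
            continue
        seen.add(uri)
        try:
            md = ET.fromstring(load(uri))
        except (OSError, KeyError, ET.ParseError) as exc:
            problems.append(f"cannot load {uri}: {type(exc).__name__}")
            continue
        for ent in md.iter(f"{{{MD}}}EntityDescriptor"):
            sources.setdefault(ent.get("entityID"), []).append(uri)
    for eid, uris in sources.items():
        if len(uris) > 1:  # same SP described by two files
            problems.append(f"{eid} defined in {len(uris)} files")
    return sources, problems

# Constructed sample input: a config fragment and two tiny metadata files.
T = "edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
ETC = "file:/usr/local/shibboleth-idp/etc/"
SAMPLE_IDP = f"""<IdPConfig>
  <MetadataProvider type="{T}" uri="{ETC}InCommon-metadata.xml"/>
  <MetadataProvider type="{T}" uri="{ETC}Acme-metadata.xml"/>
  <MetadataProvider type="{T}" uri="{ETC}Acme-metadata.xml"/>
</IdPConfig>"""
def md_doc(*ids):
    ents = "".join(f'<EntityDescriptor entityID="{i}"/>' for i in ids)
    return f'<EntitiesDescriptor xmlns="{MD}">{ents}</EntitiesDescriptor>'
SAMPLE_FILES = {ETC + "InCommon-metadata.xml": md_doc("https://sp1.example.edu/shibboleth"),
                ETC + "Acme-metadata.xml": md_doc("https://sp.acme.example/shibboleth")}

if __name__ == "__main__":
    print(audit_providers(SAMPLE_IDP, SAMPLE_FILES.__getitem__))
```

Against a real install, call `audit_providers(open(path_to_idp_xml).read())` so the default loader reads each `file:` URI from disk.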
