Configuring Salesforce for Shibboleth IdP (newbie)

Nate Klingenstein ndk at internet2.edu
Thu Oct 10 18:08:49 EDT 2013


Joaquin,

> I'm relatively new to SAML and Shibboleth and I am at the phase to configure account information SSO configuration with Salesforce.com.

These questions are more for Salesforce and less for Shibboleth.  You might ask them.  I can only guess at their interpretation.

It would also be good to ask them when they will be able to support metadata, which would remove the need for their customers to answer (and maintain the answers to) these questions.

> Issuer:
> https://idp.example.com:9443/idp/profile/SAML2/POST/SSO

They probably mean entityID here, which would be in your default installation:

https://idp.example.com:9443/idp/shibboleth

You can and should customize this in relying-party.xml to something that makes sense for your organization.

> Identity Provider Login URL:
> https://idp.example.com:9443/idp/shibboleth

They probably mean something using the IdP Unsolicited SSO profile handler.

https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO

> Also, how would I go about (on CentOS 6.3), creating an "Identity Provider Certificate" that Salesforce requires?

There is a certificate automatically generated for you during installation and placed in /opt/shibboleth-idp/credentials/. You may choose to use that certificate or any other certificate you'd like as long as it's consistent.

Thanks,
Nate.
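
The consistency requirement in the last answer can be checked mechanically. The following is an added example, not part of the original message or of the Shibboleth project: it compares the PEM certificate the IdP uses with the copy handed to the service provider and checks remaining validity. The function names are hypothetical and both file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: confirm that the certificate given to the service provider
# is the same one the IdP uses, and that it is not about to expire.

# Print the SHA-256 fingerprint of a PEM certificate (hex, no colons).
# Prints nothing if the file cannot be parsed as a certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g'
}

# Return 0 if both files hold the same certificate, 1 if they differ,
# 2 if either file is not a readable certificate.
certs_consistent() {
    fp_idp=$(cert_fingerprint "$1")
    fp_sp=$(cert_fingerprint "$2")
    if [ -z "$fp_idp" ] || [ -z "$fp_sp" ]; then
        return 2
    fi
    [ "$fp_idp" = "$fp_sp" ]
}

# Return 0 if the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    days=${2:-30}
    openssl x509 -in "$1" -noout -checkend $((days * 86400)) >/dev/null 2>&1
}

# Stand-alone use: sh check.sh <idp-cert.pem> <copy-given-to-sp.pem>
if [ $# -ge 2 ]; then
    if certs_consistent "$1" "$2"; then
        echo "match: $(cert_fingerprint "$1")"
    else
        echo "MISMATCH or unreadable certificate" >&2
    fi
    cert_valid_for_days "$1" 30 || echo "expires within 30 days: $1" >&2
fi
```

A mismatch means the service provider will reject signatures from the IdP, so this is worth re-running whenever the IdP credential is replaced.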

