NOT a heartbleed question
Paul Hethmon
paul.hethmon at clareitysecurity.com
Thu Apr 10 14:26:14 EDT 2014
On Apr 10, 2014, at 2:11 PM, Bryan E. Wooten <bryan.wooten at utah.edu<mailto:bryan.wooten at utah.edu>> wrote:
First they want to do IDP initiated login. We have never done that before. Is it as easy as I am lead to believe from this wiki page:
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO
All need is a link like this: https://myidp.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=someid&shire=providerURL
Yes, that's pretty much it.
The vendor does not supply meta-data. I thought that was a requirement.
You will have to create a metadata file for Shib to read from their data. One thought on that is to give them a metadata file with the entityID, ACS URL's empty and tell them to fill it in.
And last does my 2.3.5 IDP meet these requirements out of the box or do I have work to do (beyond just configuration)?
Yes, all of that is specified by the SAML spec itself.
Paul
Paul Hethmon
Chief Software Architect
paul.hethmon at clareitysecurity.com<mailto:paul.hethmon at clareitysecurity.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140410/d04e3d1b/attachment.html
More information about the users
mailing list