Limitations of valid entityIDs

Nate Klingenstein ndk at internet2.edu
Wed Jul 2 21:39:08 EDT 2014


Jacob,

SAML 2.0 requires that entityID's be valid URI's.  There are a number of other providers who have not followed that rule, and it's been painful for them afterwards.  I would advise choosing a URI in a namespace that they control.

Shibboleth just takes the MUSTs in the specification more literally than some implementations.

Hope this helps,
Nate.

On Jul 2, 2014, at 7:36 PM, Jacob Lundberg <jacob at collegenet.com<mailto:jacob at collegenet.com>>
 wrote:

Obviously we can't set up an integration with them using this entityID.
I am curious what sort of response is recommended in this situation.  Is
this considered a Shibboleth-specific limitation or SAML2, etc?  What is
the specific error or limitation?  I guess maybe there is some list of
valid URL method strings and University_of_Heresville is not on the
list, so it can't be followed by a : like it is?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140703/42a43bbb/attachment.html 


More information about the users mailing list