Specifying <IdpList> in Shibboleth SP

Sandy sundeep.nitw at gmail.com
Mon Nov 24 13:10:18 EST 2014


I am exploring Shibboleth and am fairly new to SAML. I have installed both
Shibboleth SP and Idp and tested them against TestShib. I have been looking
at both the SAML specification and the Shibboleth Confluence Wiki (a great
resource). I have two questions that I have not been able to figure out:

1. IdpList element for SP
2. SAML Proxy Idp

Both questions relate to what is referred to as 'Idp Chaining', but the
SAML specification defines it as SAML Idp Proxying. More details on the
specific information I am looking for are below:

1. IdpList for SP
The SAML specification says that an <IdpList> element can list all the
Idps that the requester would need assertions from. Where in the Shibboleth
SP configuration can this be specified (if it can be at all)? I would be
grateful if I can be pointed to the wiki page that contains relevant

2. SAML Proxy Idp
Is there some specific configuration that the Idp needs to act as a proxy Idp?
Or is it from the Request that the Idp figures out that it needs to act as
a proxy Idp (from the <ProxyCount> and <IdpList> elements)?

Thank you,
