AW: SAML IdP Proxy

Shirlei shirlei at
Fri Nov 28 14:52:51 EST 2014

Hy guys!

Have any of you implemented the SAML IdP Proxy discussed here, using
What I need is exactly what is pictured in the image below:


My SP federation and IdP federation use Shibboleth. If I understand it
right, I could have in my shibboleth sp a  list of available idps (available
in the Federation IdPs) and connect through the simplesaml proxy as If I was
connecting direct with the Federation IdP.

I would really appreciate if any of you could share some tip. At this
moment, for instance, I'm trying to show the discovery service in my shib
sp, with the IdPlist, 

In my shibboleth2.xml, I have the following configuration (snipets):
<SessionInitiator type="Chaining" Location="/DS" isDefault="true" id="DS"
relayState="cookie" acsByIndex="false">
                <SessionInitiator type="SAML2" defaultACSIndex="1"
                <SessionInitiator type="Shib1" defaultACSIndex="5"/>
                <SessionInitiator type="SAMLDS"

        <MetadataProvider type="Chaining">
            <MetadataProvider type="XML"
validate="true" reloadInterval="300">

In my sp eds (shibboleth eds) I just got the following link only:

And I try to connect using it, just to see what happens, and then I got the
following error:

Unable to locate metadata for ''
This is most likely a configuration problem on either the service provider
or identity provider.

When I add my sp to a shib idp, I sent my metadata file. But in
simplesamphp, I just don't find where to configure it! I've put a medata
entry in metadata/shib13-sp-remote.php, similar to the example
($metadata[''] = array(
        'AssertionConsumerService' =>
        'audience'                 => 'urn:mace:feide:shiblab',
        'base64attributes'         => FALSE,
but I don't think that is all...

So, any help is really appreciated.

Thank you very much!!

View this message in context:
Sent from the Shibboleth - Users mailing list archive at

More information about the users mailing list