Freshdesk SSO

Martin, Brandon L martinb at psd401.net
Sat Aug 8 19:54:23 EDT 2015 

Nate,

Thank you for the advice. That was as my initial course of action, but I didn't understand why I was still having issues. Their admin interface accepts a SHA-1 fingerprint from your identity provider. When I use the XML metadata I created, I get the error the fingerprint didn't match. The certificate in the metadata should be generated from the SHA-1 fingerprint I give to my party?

Brandon Martin
Data Integration Analyst
Peninsula School District Tech Support
Phone: (253) 530-3712

On Aug 8, 2015, at 4:22 PM, Nate Klingenstein <ndk at internet2.edu<mailto:ndk at internet2.edu>> wrote:

Brandon,

You'll probably want to mock up a metadata entry on their behalf and load it into your SP.  Changes to the anonymous relying party behavior can result in an extremely promiscuous IdP.

You might find the annotated example SP here to be useful as a starting point:

https://www.testshib.org/metadata/testshib-providers.xml

Hope this helps,
Nate.

On Aug 8, 2015, at 4:59 PM, Martin, Brandon L <martinb at psd401.net<mailto:martinb at psd401.net>> wrote:

Hello again Shibboleth users,

I am working with Freshdesk<https://support.freshdesk.com/support/solutions/articles/31166-single-sign-on-remote-authentication-in-freshdesk> as an SSO party. They don't provide a metadata file, so I am under the impression they need to be setup as an AnonymousRelyingParty. I found the following code to setup an anonymous party, but it looks to be Shibboleth V2. I've read through UpgradingFromV2<https://wiki.shibboleth.net/confluence/display/IDP30/UpgradingFromV2> but I still do not understand the conversion and am having a hard time finding examples.

<AnonymousRelyingParty provider="https://psdts.freshdesk.com/login/saml"
                           defaultSigningCredentialRef="IdPCredential" />


<security:Credential id="IdPCredential" xsi:type="security:X509Filesystem">
                <security:PrivateKey>${idp.home}/credentials/idp-encryption.key</security:PrivateKey>
                <security:Certificate>${idp.home}/credentials/idp-encryption.crt</security:Certificate>

</security:Credential>


Is this possible in Shibboleth V3?


Thank you

Brandon Martin
martinb at psd401.net<mailto:martinb at psd401.net>
Peninsula School District
Data Integration Analyst

Ext: 3712
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>

--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150808/bd5d8083/attachment-0001.html>

More information about the users mailing list