"invalid" EntityID attempting Salesforce-Shibb integration
Brent Putman
putmanb at georgetown.edu
Mon Aug 10 21:24:31 EDT 2015
On 8/10/15 8:42 PM, IAM David Bantz wrote:
> I'm attempting to configure a Salesforce application with our
> Shibboleth IdP. The Salesforce SAML configuration page requires
> piecemeal input of the elements of the IdP metadata. Most of the
> requested data is accepted, but the form rejects our institutional
> EntityID as "invalid" apparently because it is in urn:mace:incommon...
> format rather than a URL.
Well, if they require that, they're just wrong. Period. A SAML
entityID is a URI; it is not required to be a URL subtype.
>
> If not, any suggestions to try?
>
Other than the obvious - telling them that their software is broken and
making them fix it - I believe both v2 and v3 IdPs can be configured to
respond under a different entityID for particular relying parties.
In the v2 custom schema, it's here [1], the 'provider' attribute on a
RelyingParty element.
In v3, I believe it's 'responderId' on a RelyingPartyConfiguration bean
[2]. Don't know if we have an example in the wiki somewhere; a wiki
search for 'responderId' doesn't turn up anything for me.
[1] https://wiki.shibboleth.net/confluence/display/SHIB2/IdPRelyingParty
[2] https://build.shibboleth.net/jenkins/job/java-identity-provider-nightly/javadoc/net/shibboleth/idp/relyingparty/RelyingPartyConfiguration.html
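
The v3 approach named in the reply, sketched as a relying-party override. This is an added example, not part of the original post and not the Shibboleth project's own configuration. It assumes the stock v3 conf/relying-party.xml layout, with the p: and c: namespaces declared on the root element; both entity IDs are constructed placeholders.

```xml
<!-- Added example: fragment for conf/relying-party.xml (IdP v3 layout assumed). -->
<util:list id="shibboleth.RelyingPartyOverrides">

    <!--
        Override for the one relying party that rejects a URN entityID.
        c:relyingPartyIds : the SP's entityID (placeholder value).
        p:responderId     : the URL-form entityID the IdP presents to this
                            SP only (placeholder value). All other relying
                            parties continue to see the IdP's normal
                            urn:mace:incommon:... entityID.
    -->
    <bean parent="RelyingPartyByName"
          c:relyingPartyIds="https://sp.example.org/salesforce"
          p:responderId="https://idp.example.edu/idp/shibboleth">
        <property name="profileConfigurations">
            <list>
                <!-- Enable only the profile this SP needs. -->
                <bean parent="SAML2.SSO" />
            </list>
        </property>
    </bean>

</util:list>
```

The responderId value is what this SP receives as the Issuer of responses and assertions, so the IdP entityID entered on the SP side must match it exactly. The signing credential is unchanged, so the certificate given to the SP stays the same.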