"invalid" EntityID attempting Salesforce-Shibb integration
putmanb at georgetown.edu
Mon Aug 10 21:24:31 EDT 2015
On 8/10/15 8:42 PM, IAM David Bantz wrote:
> I'm attempting to configure a Salesforce application with our
> Shibboleth IdP. The Salesforce SAML configuration page requires
> piecemeal input of the elements of the IdP metadata. Most of the
> requested data is accepted, but the form rejects our institutional
> EntityID as "invalid" apparently because it is in urn:mace:incommon...
> format rather than a URL.
Well, if they require that, they're just wrong. Period. A SAML
entityID is a URI, it is not required to be a URL subtype.
> If not, any suggestions to try?
Other than the obvious - telling them that their software is broken and
making them fix it - I believe both v2 and v3 IdP's can be configured to
respond under a different entityID for particular relying parties.
In the v2 custom schema, it's here , the 'provider' attribute on a
In v3, I believe it's 'responderId' on a RelyingPartyConfiguration bean
. Don't know if we have an example in the wiki somewhere, a wiki
search for 'responderId' doesn't turn up anything for me.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users