Cannot get Instructure SP working with IdP version 3

Cantor, Scott cantor.2 at osu.edu
Thu Jul 14 16:16:43 EDT 2016


> We are sending the username in the unspecified nameid format in the
> Subject, and an opaque identifier as eduPersonTargetedID, but not much
> else. We send the assertion encrypted and the response signed.

They don't require an unspecified NameID, ergo you shouldn't be sending one since that's going to just create confusion and hassle with any SPs that really do require that.

We are using the NameID, in a format specific to the attribute we supply as the value (it's the URN for employeeNumber in fact) and I believe our Canvas admin set that up in the application by entering it there. I have no other non-defaulted settings in place. Since they are in InCommon, I could not rely on the metadata to get the IdP to use that NameID Format; I had to use a relying-party override to set that rule.

> If anyone has been able to get Instructure to work in their Shibboleth
> version 3 IdP environment, please tell me how you did it.

All the setup was on the Canvas side, really, I did the bare minimum and it worked fine.

-- Scott
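
The relying-party override described in the reply above could look like the following in a Shibboleth IdP v3 configuration. This is an added example, not configuration from the original post: the entityID is a placeholder, and the `urn:oid` form of the employeeNumber URN and the `employeeNumber` attribute id are assumptions.

```xml
<!-- conf/saml-nameid.xml (fragment): generate a NameID whose Format is the
     attribute's URN and whose value comes from the resolved attribute.
     Assumption: the attribute resolver defines an attribute with
     id="employeeNumber"; the Format URN below is the OID form of employeeNumber. -->
<util:list id="shibboleth.SAML2NameIDGenerators">

    <ref bean="shibboleth.SAML2TransientGenerator" />

    <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
          p:format="urn:oid:2.16.840.1.113730.3.1.3"
          p:attributeSourceIds="#{ {'employeeNumber'} }" />

</util:list>

<!-- conf/relying-party.xml (fragment): because the SP's federation metadata
     cannot be relied on to select this Format, force it for this one SP only.
     PLACEHOLDER entityID: replace with the SP's entityID from its metadata. -->
<util:list id="shibboleth.RelyingPartyOverrides">

    <bean parent="RelyingPartyByName"
          c:relyingPartyIds="https://canvas.example.edu/saml2">
        <property name="profileConfigurations">
            <list>
                <bean parent="SAML2.SSO"
                      p:nameIDFormatPrecedence="urn:oid:2.16.840.1.113730.3.1.3" />
            </list>
        </property>
    </bean>

</util:list>
```

Scoping the override to a single relying party leaves the default NameID behaviour unchanged for every other SP, and the source attribute still has to be released to this SP by the attribute filter policy for the generator to produce a value.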


