Connect SP to an external IDP
gaetanroot at gmail.com
Mon May 1 15:40:00 EDT 2017
Thanks for the answer but I tried to follow the tutorial and I don't find a
Could you give me step by step what I need to do.
2017-04-30 19:11 GMT+02:00 Peter Schober <peter.schober at univie.ac.at>:
> * Gaëtan ROOT <gaetanroot at gmail.com> [2017-04-30 16:08]:
> > I need help to configure a new IDP.
> You'll want to consult The Fine Documentation, which starts at:
> Follow the link "Configure" in the box "Installation & Configuration"
> in the lower left:
> Then follow the link "Talk to a New Identity Provider" in the middle
> section titled "Native Service Provider (SP)":
> > I need to configure my SP to be connected to an external IDP. The
> > connection must be chiffred.
> To me "The connection must be chiffred" could mean several things:
> If you meant the data sent by the IDP must be verified (so that you
> can be sure it's authentic) then you'll need the IDP's signing
> certificate. If that is what you called "federation.crt" below, that's
> If you meant that the data sent by the IDP needs to be encrypted (to
> prevent third parties from accessing that data), then you'll need to
> provide the IDP with SAML 2.0 metadata describing your SP (or provide
> the same info by other means), including a key that's suitable for
> encryption. (A default SP install will always contain one.) You'll
> also need to make sure the IDP actually uses that key and actually
> encrypts the SAML response (or the SAML assertion) sent to your SP.
> (A default Shibboleth IDP will always encrypt data to the SP, if the SP
> has a suitable key available.)
> > I also have the IDP entityID, the IDP link like :
> > https://federate.example.com/idp/SSO.saml2, the federation.crt and the
> > SP-metadata.xml.
> The SP needs SAML 2.0 Metadata describing the IDP.
> If you don't have that you should ask the IDP for it.
> Failing that you can try to create it based on other data (and
> guesswork), there's documentation for that, too:
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users