Connect SP to an external IDP

Gaëtan ROOT gaetanroot at gmail.com
Mon May 1 15:40:00 EDT 2017


Hi,

Thanks for the answer, but I tried to follow the tutorial and I can't find a
solution.
Could you give me, step by step, what I need to do?

Thanks,
Gaëtan

2017-04-30 19:11 GMT+02:00 Peter Schober <peter.schober at univie.ac.at>:

> * Gaëtan ROOT <gaetanroot at gmail.com> [2017-04-30 16:08]:
> > I need help to configure a new IDP.
>
> You'll want to consult The Fine Documentation, which starts at:
> https://wiki.shibboleth.net/confluence/display/SHIB2
>
> Follow the link "Configure" in the box "Installation & Configuration"
> in the lower left:
> https://wiki.shibboleth.net/confluence/display/SHIB2/Configuration
>
> Then follow the link "Talk to a New Identity Provider" in the middle
> section titled "Native Service Provider (SP)":
> https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAddIdP
>
> > I need to configure my SP to be connected to an external IDP. The
> > connection must be chiffred.
>
> To me "The connection must be chiffred" could mean several things:
>
> If you meant the data sent by the IDP must be verified (so that you
> can be sure it's authentic) then you'll need the IDP's signing
> certificate. If that is what you called "federation.crt" below, that's
> fine.
> If you meant that the data sent by the IDP needs to be encrypted (to
> prevent third parties from accessing that data), then you'll need to
> provide the IDP with SAML 2.0 metadata describing your SP (or provide
> the same info by other means), including a key that's suitable for
> encryption. (A default SP install will always contain one.) You'll
> also need to make sure the IDP actually uses that key and actually
> encrypts the SAML response (or the SAML assertion) sent to your SP.
> (A default Shibboleth IDP will always encrypt data to the SP, if the SP
> has a suitable key available.)
>
> > I also have the IDP entityID, the IDP link like:
> > https://federate.example.com/idp/SSO.saml2, the federation.crt and the
> > SP-metadata.xml.
>
> The SP needs SAML 2.0 Metadata describing the IDP.
> If you don't have that you should ask the IDP for it.
>
> Failing that you can try to create it based on other data (and
> guesswork), there's documentation for that, too:
> https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForIdP
>
> -peter
>
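The two readings in the reply above (the IdP's signing certificate lets the SP verify data, the SP's encryption-capable key lets the IdP encrypt it) can be checked against the metadata each side holds. This is an added example, not code from the thread or from Shibboleth. Both metadata documents, the entityIDs, the HTTP-Redirect binding and the certificate placeholders are constructed, and the function names are hypothetical. In SAML 2.0 metadata a `KeyDescriptor` without a `use` attribute applies to both signing and encryption.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
XMLNS = ('xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
         'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"')
PROTO = 'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"'
KEYINFO = ("<ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER-CERT"
           "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>")

# Constructed IdP metadata: one key, declared for signing only.
IDP_METADATA = f"""<md:EntityDescriptor {XMLNS} entityID="https://federate.example.com/idp">
  <md:IDPSSODescriptor {PROTO}>
    <md:KeyDescriptor use="signing">{KEYINFO}</md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://federate.example.com/idp/SSO.saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed SP metadata: one key with no "use" attribute (valid for both purposes).
SP_METADATA = f"""<md:EntityDescriptor {XMLNS} entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor {PROTO}>
    <md:KeyDescriptor>{KEYINFO}</md:KeyDescriptor>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def key_uses(metadata_xml, role):
    """Count certificates usable for signing and for encryption in one role descriptor."""
    root = ET.fromstring(metadata_xml)  # assumes a single EntityDescriptor root
    counts = {"signing": 0, "encryption": 0}
    for kd in root.findall(f"md:{role}/md:KeyDescriptor", NS):
        if kd.find(".//ds:X509Certificate", NS) is None:
            continue  # simplification: only certificate-bearing keys are counted
        use = kd.get("use")
        for purpose in counts:
            if use in (None, purpose):  # no "use" attribute means both purposes
                counts[purpose] += 1
    return counts

def check_pair(idp_xml, sp_xml):
    """Report which of the two protections the exchanged metadata can support."""
    idp = key_uses(idp_xml, "IDPSSODescriptor")
    sp = key_uses(sp_xml, "SPSSODescriptor")
    return {"sp_can_verify_idp_signatures": idp["signing"] > 0,
            "idp_can_encrypt_to_sp": sp["encryption"] > 0}

if __name__ == "__main__":
    print(check_pair(IDP_METADATA, SP_METADATA))
```

A passing result only shows that the keys are declared; as the reply notes, whether the IdP actually encrypts the response or assertion still has to be confirmed on the IdP side.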