IdP implementation roadmap

Yakov Revyakin yrevyakin at
Tue Apr 16 10:53:39 EDT 2019

Hi members,
Some days ago I started with IdP3. My goal is to implement IdP to provide
authentication based on our product's identity store.
Currently I have reached authentication by configuring
metadata-providers.xml with SP's metadata. I use for testing

Another testing SP is doesn't provide own metadata.
One of the real SPs is CyberArk PVWA. It also doesn't provide its own metadata
- only the following knowledge:
- SAML2 is supported
- NameIDFormat must be specified as
- IdP must return the user name inside NameID tag
- IdP must provide Issuer, IdP Certificate and IdP login URL
- IdP must be set to accept non signed requests
- IdP's configured 'secure hash algorithm' is either SHA1 or SHA256

I ask you to push me somehow to understand a roadmap:
1) How to make Shib IdP and a metadata-*less* SP friends?
2) How to force the IdP to return the user name inside NameID tag with
NameIDFormat set to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

I really hope for your help,
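
A check for the SP requirements listed in the message above, as an added example that is not part of the original post: it inspects a SAML response for Issuer, a NameID carrying the user name in the unspecified format, and a SHA1 or SHA256 signature method. The sample response, the issuer URL, the user name and the function names are constructed, and reading "secure hash algorithm" as the XML-DSig SignatureMethod is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
# Assumption: "SHA1 or SHA256" in the SP's requirements means the SignatureMethod.
ALLOWED_SIG = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
}

def sample(fmt=UNSPECIFIED, alg="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", user="jdoe"):
    # Constructed skeleton with only the elements the checks read; not a real signed response.
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>
    <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo></ds:Signature>
    <saml:Subject><saml:NameID Format="{fmt}">{user}</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text):
    """Return a list of unmet requirements (empty list = all met). Does not verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion found"]
    issuer = assertion.find("saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        problems.append("Issuer missing or empty")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("NameID missing")
    else:
        if name_id.get("Format") != UNSPECIFIED:
            problems.append("NameID Format is %r" % name_id.get("Format"))
        if not (name_id.text or "").strip():
            problems.append("NameID carries no user name")
    methods = [m.get("Algorithm") for m in root.iter("{%s}SignatureMethod" % NS["ds"])]
    if not methods:
        problems.append("no Signature present")
    for alg in methods:
        if alg not in ALLOWED_SIG:
            problems.append("signature algorithm not SHA1/SHA256: %s" % alg)
    return problems
```

Run it against a response captured during a test login (for example from a browser SAML tracer) to see which of the listed requirements the IdP's current output does not yet meet.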