How to set-up IdP Initiated SSO using Shibboleth as Service Provider

Peter Schober peter.schober at
Fri May 24 09:39:52 EDT 2019

* christinepuedan <christinepuedan at> [2019-05-24 15:19]:
> Thanks for responding! But what configuration files should I need to update
> in order to do that on the Shibboleth SP side? What I have now is metadata
> file that our IdP (Ping Identity) has provided. I know we need to do some
> config on the shibboleth.xml and attribute-map.xml to do that, but I don't
> have the other picture what needs to be considered i.e. on the Apache side,
> etc.

I answered your literal question what needed to be done for the Shib
SP to be used with IDP-initated SSO (which is nothing, i.e. the SP
accepts an unsolicited response from an IDP by default).

Now, if you're really asking how to use the Shib SP and federate with
a new IDP and map attributes that IDP sends etc.pp. you'll need to
look at the documentation. Possible starting points:

What needs to be done in your web server configuration (other than
what's covered by the Shib SP documentation) mostly depends on the
protected resource and how you intend to integrate it with the
Shibboleth SP. The documentation also covers different strategies for
that, but I guess you'll need to get the basic working first.


More information about the users mailing list