custom entityID
Brent Putman
putmanb at georgetown.edu
Thu Aug 6 20:53:41 UTC 2020
On 8/6/20 2:28 PM, Donald Lohr wrote:
> By adding the a *p:responderId* to the section of my
> relying-party.xml specifically for this SP, login now works:
>
> <bean parent="RelyingPartyByName"
> c:relyingPartyIds="https://acme.com/sp/shibboleth"
> *p:responderId="https://xxxx.yyyy.zzzz/idp/shibboleth"*>
> .....
> .....
> </bean>
>
> Right/wrong/indifferent
>
> Thanks,
> Don
>
If your actual requirement was to use a different cert/key AND a
different entityID, then that would be correct.
As someone else already pointed out, if all you needed to do was use a
different signing key/cert for that SP, then you can do that with the
same entityID:
https://wiki.shibboleth.net/confluence/display/IDP4/SecurityConfiguration
the "Per-Profile Credential" example.
This is not rare - although maybe not terribly common either. Most SPs
don't care what cert/key you use - they use what you tell them.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200806/6ac67e4b/attachment.htm>
More information about the users
mailing list