Translate meta data to SSO tag
Peter Schober
peter.schober at univie.ac.at
Thu Dec 3 21:59:19 UTC 2020
* Nate Klingenstein <ndk at signet.id> [2020-12-03 19:01]:
> You just need to load the metadata for their identity
> provider. [...]
> their metadata is available at
> https://idp-dev.nss.udel.edu/idp/shibboleth, so you can just load it
> directly by adding to shibboleth2.xml next to the other
> MetadataProvider elements: [...]
> Eventually you'll want to rely on InCommon or another authority and
> signed metadata.
Definitively the latter. Getting signed metadata from InCommon's MDQ
shouldn't be any harder than getting it from the IDP's entityID URL
value directly in a completely insecure fashion.
1. Get the certificate to validate signatures:
https://spaces.at.internet2.edu/display/MDQ/production+metadata+signing+key
2. Get the config snippet for your Shib SP:
https://spaces.at.internet2.edu/display/MDQ/configure-shib-sp#configure-shib-sp-Obtainingmetadatasigningkey
3. Success.
-peter
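
An added example, not part of the original message or of InCommon's documentation: before the SP's signature check is pointed at the certificate downloaded in step 1, compare its SHA-256 fingerprint with a value obtained out of band. The function names and the sample input are assumptions made here; the sample "certificate" is constructed bytes, not a real key.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def pem_sha256_fingerprints(pem_text):
    """Return the SHA-256 fingerprint (lowercase hex) of each certificate in a PEM file."""
    prints = []
    for body in PEM_RE.findall(pem_text):
        # A certificate fingerprint is the hash of its DER bytes (the decoded base64 body).
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints


def normalize(fingerprint):
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex and return lowercase hex."""
    hexdigits = re.sub(r"[\s:]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hexdigits):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hexdigits


def signing_cert_is_pinned(pem_text, expected_fingerprint):
    """True only if the file holds exactly one certificate and it matches the pin."""
    found = pem_sha256_fingerprints(pem_text)
    if len(found) != 1:
        return False  # empty file, HTML error page, or an unexpected extra certificate
    return hmac.compare_digest(found[0], normalize(expected_fingerprint))


def constructed_pem(der):
    """Wrap arbitrary bytes in PEM armor (sample input only, not a real certificate)."""
    b64 = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    sample_der = b"constructed stand-in for DER bytes"
    pin = hashlib.sha256(sample_der).hexdigest()
    print(signing_cert_is_pinned(constructed_pem(sample_der), pin))
```

In real use, the expected fingerprint comes from a channel other than the one the PEM file was downloaded over.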