No SP metadata provided by vendor

Christopher Bongaarts cab at umn.edu
Tue Feb 11 10:06:41 EST 2020


On 2/11/2020 8:32 AM, Lohr, Donald wrote:
> We have a new SP to configure and the vendor is not an InCommon member 
> and states the following:
>
> We support both Identity Provider or Service Provider initiated
> methods, as both are equally viable for us. We never provide the
> metadata file or URL. We only provide links such as the ACS URL or
> Entity ID. We also produce the login and logout URL but some IDPs
> don't require or use it. This is all unrelated to whether or not it is
> SP or IDP initiated.
>
> Example:
>
> 1. Entity ID: https://portal.acme.com/saml/metadata/xxxxxxxxxx
> 2. ACS URL: https://identity.acme.com/api/authenticate/xxxxxxxxxx
> 3. Single Logout Endpoint: https://identity.acme.com/api/logout/xxxxxxxxxx
> 4. Login URL: https://portal.acme.com/saml/single_sign_on/xxxxxxxxxx
>
> Without the SP metadata, what options do I have to configure our IdP 
> for this SP?

1.  Point to your contract/RFP that specifically requires the vendor 
support SAML metadata.  (Unfortunately, this probably won't be an option 
for you This Time...)

2.  Handcraft metadata for them, using the information provided. Here is 
a starting point for you: 
https://wiki.shibboleth.net/confluence/display/CONCEPT/Metadata

Since they can't be bothered to generate metadata for you, when they ask 
for your SSO URL and certificate, give them your metadata file and say 
"extract them yourself, chumps".

-- 
%%  Christopher A. Bongaarts   %%  cab at umn.edu          %%
%%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%
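
Option 2 from the reply above, as an added example (not part of the original post and not Shibboleth project code): a Python script that builds minimal SP metadata from the vendor's placeholder values. The HTTP-POST binding for the ACS and HTTP-Redirect for logout are assumptions the vendor would have to confirm, and since no certificate was supplied, no KeyDescriptor is emitted.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Placeholder values as given in the vendor's example above.
ENTITY_ID = "https://portal.acme.com/saml/metadata/xxxxxxxxxx"
ACS_URL = "https://identity.acme.com/api/authenticate/xxxxxxxxxx"
SLO_URL = "https://identity.acme.com/api/logout/xxxxxxxxxx"


def _endpoint(url):
    """Accept only an absolute https URL without fragment or embedded credentials."""
    p = urlsplit(url)
    if p.scheme != "https" or not p.hostname or p.fragment or p.username:
        raise ValueError(f"not a usable https endpoint: {url!r}")
    return url


def build_sp_metadata(entity_id, acs_url, slo_url=None):
    """Return an EntityDescriptor for an SP that publishes no metadata."""
    if not entity_id or len(entity_id) > 1024:  # SAML caps entityID at 1024 chars
        raise ValueError("entityID must be 1-1024 characters")
    ET.register_namespace("md", MD)
    ed = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(ed, f"{{{MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol"})
    # No KeyDescriptor: without the SP's certificate the IdP can neither
    # verify signed requests from this SP nor encrypt assertions to it.
    # Schema order: SingleLogoutService precedes AssertionConsumerService.
    if slo_url:
        ET.SubElement(sp, f"{{{MD}}}SingleLogoutService", {
            "Binding": REDIRECT, "Location": _endpoint(slo_url)})  # binding assumed
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", {
        "Binding": POST, "Location": _endpoint(acs_url),  # binding assumed
        "index": "0", "isDefault": "true"})
    return ET.tostring(ed, encoding="unicode")


if __name__ == "__main__":
    print(build_sp_metadata(ENTITY_ID, ACS_URL, SLO_URL))
```

Because the IdP delivers assertions only to the AssertionConsumerService locations listed in this file, confirm each value with the vendor over a channel you trust before loading it.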
