No SP metadata provided by vendor

Lohr, Donald lohrda at jmu.edu
Wed Feb 12 10:05:28 EST 2020


Thanks.  That url helped me construct a basic SP metadata file and auth 
now works.

Don

On 2/11/20 10:06 AM, Christopher Bongaarts wrote:
> On 2/11/2020 8:32 AM, Lohr, Donald wrote:
>> We have a new SP to configure and the vendor is not an InCommon 
>> member and states the following:
>>
>> We support both Identity Provider or Service Provider initiated
>> methods, as both are equally viable for us. We never provide the
>> metadata file or URL. We only provide links such as the ACS URL or
>> Entity ID. We also produce the login and logout URL but some IDPs
>> don't require or use it. This is all unrelated to whether or not it
>> is SP or IDP initiated.
>>
>> Example:
>>
>> 1. Entity ID: https://portal.acme.com/saml/metadata/xxxxxxxxxx
>> 2. ACS URL: https://identity.acme.com/api/authenticate/xxxxxxxxxx
>> 3. Single Logout Endpoint: https://identity.acme.com/api/logout/xxxxxxxxxx
>> 4. Login URL: https://portal.acme.com/saml/single_sign_on/xxxxxxxxxx
>>
>> Without the SP metadata, what options do I have to configure our IdP 
>> for this SP?
>
> 1.  Point to your contract/RFP that specifically requires the vendor 
> support SAML metadata.  (Unfortunately, this probably won't be an 
> option for you This Time...)
>
> 2.  Handcraft metadata for them, using the information provided.  Here 
> is a starting point for you: 
> https://wiki.shibboleth.net/confluence/display/CONCEPT/Metadata
>
> Since they can't be bothered to generate metadata for you, when they 
> ask for your SSO URL and certificate, give them your metadata file and 
> say "extract them yourself, chumps".
>
> -- 
> %%  Christopher A. Bongaarts   %%cab at umn.edu           %%
> %%  OIT - Identity Management  %%http://umn.edu/~cab   %%
> %%  University of Minnesota    %%  +1 (612) 625-1809    %%

-- 
D o n a l d   L o h r
  I n f o r m a t i o n   S y s t e m s
  J a m e s   M a d i s o n   U n i v e r s i t y
  5 4 0 . 5 6 8 . 3 7 3 0
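
The handcrafting step suggested in the quoted reply, as an added example that is not part of the original thread and not Shibboleth project code: a Python helper that turns the vendor's Entity ID, ACS URL and Single Logout Endpoint into minimal SAML 2.0 SP metadata. The function names are hypothetical, and the HTTP-POST (ACS) and HTTP-Redirect (logout) bindings are assumptions, since the vendor's list does not state them.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
# Assumed bindings: the vendor's list does not say which ones its endpoints use.
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Placeholder values exactly as given in the vendor's example list.
ENTITY_ID = "https://portal.acme.com/saml/metadata/xxxxxxxxxx"
ACS_URL = "https://identity.acme.com/api/authenticate/xxxxxxxxxx"
SLO_URL = "https://identity.acme.com/api/logout/xxxxxxxxxx"


def require_https(label, url):
    """Reject endpoints that would carry assertions or logout messages in clear text."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"{label} must be an absolute https URL, got {url!r}")
    return url


def build_sp_metadata(entity_id, acs_url, slo_url=None,
                      acs_binding=POST, slo_binding=REDIRECT):
    """Return minimal SAML 2.0 SP metadata (hypothetical helper, not a Shibboleth API)."""
    if not entity_id:
        raise ValueError("entityID is required")
    ET.register_namespace("md", MD)
    entity = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(entity, f"{{{MD}}}SPSSODescriptor",
                       {"protocolSupportEnumeration": PROTOCOL})
    # No KeyDescriptor: the vendor supplied no certificate, so the IdP cannot
    # verify signed requests from this SP or encrypt assertions to it.
    # The schema orders SingleLogoutService before AssertionConsumerService.
    if slo_url:
        ET.SubElement(sp, f"{{{MD}}}SingleLogoutService",
                      {"Binding": slo_binding,
                       "Location": require_https("SLO URL", slo_url)})
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService",
                  {"Binding": acs_binding,
                   "Location": require_https("ACS URL", acs_url),
                   "index": "0", "isDefault": "true"})
    if hasattr(ET, "indent"):  # pretty-print on Python 3.9+
        ET.indent(entity)
    return ET.tostring(entity, encoding="unicode")


if __name__ == "__main__":
    print(build_sp_metadata(ENTITY_ID, ACS_URL, SLO_URL))
```

A Shibboleth IdP checks the requested assertion consumer endpoint against the ones listed in metadata, so compare the ACS Location with what the vendor sent before loading the file.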


