Use single shibboleth as SP for multiple sites
Ravresh Kumar
ravresh.kumar at biz2credit.com
Mon Mar 30 10:27:11 EDT 2020
Hi Nate,
Thanks for the help. I followed the documentation and was able to configure two different SPs with one installation of Shibboleth using “ApplicationOverride”. But for the second SP I am stuck in a loop after a successful IDP login. The request goes to the IDP, gets a 200 response from the IDP, and then a new request is triggered to the IDP again, and so on.
I have configured the second SP using the configuration given below:
<ApplicationOverride id="envstage" entityID="https://env-stage.xyz.com/index.php">
    <Sessions lifetime="28800" timeout="3600" checkAddress="false" handlerSSL="true"
              cookieName=" envstage "
              cookieProps="; domain= env-stage.xyz.com; path=/envstage; secure; HttpOnly"
              handlerURL="/envstage/Shibboleth.sso">
        <SSO entityID="urn:xyz:stage:idp" postArtifact="true" encryption="true"
             discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF">
            SAML2
        </SSO>
    </Sessions>
    <MetadataProvider type="XML" validate="true" path="stage-partner-metadata.xml"/>
</ApplicationOverride>
I have checked shibd.log as well but was not able to find any error there. Please suggest what I am missing.
Regards,
Ravresh Kumar
From: users <users-bounces at shibboleth.net> On Behalf Of Nate Klingenstein
Sent: 25 March 2020 03:07
To: Shib Users <users at shibboleth.net>; users at shibboleth.net
Subject: RE: Use single shibboleth as SP for multiple sites
Ravresh,
It's not just possible; it's what a large portion of the SP was written for. Depending on how differently you want the second site to behave and how you want to partition things, it's either a simple or a complex configuration change.
First, you'll need to protect the new URL path. Then spend a little time thinking whether you want this to look like one logical application to the IdPs. If not, you'll need to set a unique entityID for the second SP, which will require a little further configuration. If you want it to behave differently than the other SP in other ways, then you have some more intricate configuration to do. This is all well-documented in the Wiki.
https://wiki.shibboleth.net/confluence/display/SP3/ApplicationOverride
https://wiki.shibboleth.net/confluence/display/SP3/AddIdP
Take care,
Nate.
--------
The Art of Access ®
Nate Klingenstein | Principal
https://www.signet.id/
-----Original message-----
From: Ravresh Kumar
Sent: Tuesday, March 24 2020, 3:27 pm
To: users at shibboleth.net
Subject: Use single shibboleth as SP for multiple sites
Hi,
I want to use a single installation of Shibboleth as SP for two different sites which are configured on the same server on which Shibboleth is installed and configured.
e.g. site1.example.org is protected by Shibboleth as SP. Now, I want site2.example.org to be protected by the same Shibboleth installation as SP. Is it possible to do this?
Regards,
Ravresh Kumar
This email (including any attachments) contains confidential, privileged or legally protected information, and is meant solely for its intended recipients. Any review, use, copying, forwarding or other disclosure or distribution of the email or its contents by anyone else is strictly prohibited. If you received this email in error, please immediately notify the sender by reply email and then delete the email (and all attachments) from your system. Thank you in advance for your cooperation.
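Added example, not part of the original thread and not Shibboleth project code: a small Python check of the <Sessions> cookie attributes in an override like the one quoted above. It flags a cookie name that is not a valid token and a cookie path that does not cover the handler or the protected resource, since a session cookie the browser does not send back for the protected URL leaves the SP without a session on the next request. The resource paths passed in are assumptions; the thread does not say which paths the second site serves.

```python
import xml.etree.ElementTree as ET

# Constructed input: the <Sessions> cookie attributes as quoted in the message above.
SAMPLE = """<ApplicationOverride id="envstage">
  <Sessions handlerSSL="true" cookieName=" envstage "
    cookieProps="; domain= env-stage.xyz.com; path=/envstage; secure; HttpOnly"
    handlerURL="/envstage/Shibboleth.sso"/>
</ApplicationOverride>"""

# Shorthand cookieProps values accepted by the SP, expanded to their documented meaning.
SHORTHAND = {"https": "; path=/; secure; HttpOnly", "http": "; path=/; HttpOnly"}


def cookie_scope(cookie_props):
    """Parse a cookieProps string into {lower-cased attribute name: value}."""
    scope = {}
    for part in SHORTHAND.get(cookie_props, cookie_props).split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            scope[name.strip().lower()] = value.strip()
    return scope


def path_match(cookie_path, request_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path.rstrip("/") + "/")


def lint_sessions(override_xml, resource_path):
    """Return cookie findings; resource_path is the protected URL path (caller's assumption)."""
    root = ET.fromstring(override_xml)
    # Match on local name so a namespaced shibboleth2.xml fragment also works.
    sessions = next(e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "Sessions")
    scope = cookie_scope(sessions.get("cookieProps", ""))
    path = scope.get("path", "/")  # simplification: a missing path is treated as "/"
    findings = []
    if any(c.isspace() or c in ';,="' for c in sessions.get("cookieName", "")):
        findings.append("cookieName is not a valid cookie-name token")
    if not path_match(path, sessions.get("handlerURL", "/Shibboleth.sso")):
        findings.append("handlerURL is outside the cookie path")
    if not path_match(path, resource_path):
        findings.append("resource path is outside the cookie path")
    for flag in ("secure", "httponly"):
        if flag not in scope:
            findings.append("cookieProps lacks " + flag)
    return findings
```

Calling lint_sessions(SAMPLE, "/index.php") reports the cookie name and the path scope; a resource under /envstage reports only the cookie name.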