entityID questions

Lohr, Donald lohrda at jmu.edu
Thu May 28 21:45:47 UTC 2020


1) Does an "IdP Initiated" approach or "SP Initiated" approach determine 
whether HTTP-POST or HTTP-Redirect is used by the Service Provider?  Or 
what guidance can I provide the vendor as to which they should use? 
Since I think we might be their first Shibboleth IdP.

2) Is it worth fixing that SAML1 SSO URL? If so, how would I do that?

Thanks,
Don

On 5/28/20 4:04 PM, Peter Schober wrote:
> * Lohr, Donald <lohrda at jmu.edu> [2020-05-28 21:46]:
>> The vendor is asking why does our production Shibboleth IdP metadata have
>> the following Binding:
>>
>> <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
>> Location="https://itfederation.jmu.edu/shibboleth-idp/SSO"/>
> Because you may have supported SAML 1 before.
>
>> Putting that Location url in a browser goes to an error:
> You probably never noticed that your SAML1 SSO URL was broken ever
> since you updated the software, years ago?
> The relative default URL should be /idp/profile/Shibboleth/SSO
> so the Location should be
> "https://itfederation.jmu.edu/idp/profile/Shibboleth/SSO".
>
>> 3) When I originally configured this SP against our non-production
>> Shibboleth IdP, its metadata does not have this url
>>
>> <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
>> Location=............
>>
>> It only has the last three listed above.
> I see no question there. The metadata for your non-prod IDP is
> different by not including an endpoint with a SAML1 binding.
>
>> 4) The vendor is also asking about the HTTP-POST and HTTP-Redirect binding,
>> stating:
>>
>> "For other IdPs we've worked with, those two bindings (HTTP-POST and
>> HTTP-Redirect) are the same endpoint but you currently have different
>> endpoints for different bindings. We would like to know which endpoint works
>> on the current production IdP."
> Both. They should use the endpoint for the protocol binding they
> intend to use.
>
> -peter

-- 
D o n a l d   L o h r
I n f o r m a t i o n   S y s t e m s
J a m e s   M a d i s o n   U n i v e r s i t y
5 4 0 . 5 6 8 . 3 7 3 0
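
The point made in the quoted reply, that an SP should use the endpoint published for the binding it intends to use, shown as an added example that is not part of the original thread or of Shibboleth's code. The host idp.example.org, the sample metadata and the function names are constructed for illustration, and the metadata is assumed to have been obtained and verified through a trusted channel.

```python
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
SAML1_AUTHNREQUEST = "urn:mace:shibboleth:1.0:profiles:AuthnRequest"
SAML2_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SAML2_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample (hypothetical host idp.example.org): one endpoint per binding.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://idp.example.org/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
        Location="https://idp.example.org/idp/profile/Shibboleth/SSO"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

def sso_endpoints(metadata_xml):
    """Return {Binding: Location} for every IdP SingleSignOnService element."""
    root = ET.fromstring(metadata_xml)
    endpoints = {}
    for el in root.findall(".//md:IDPSSODescriptor/md:SingleSignOnService", MD_NS):
        binding, location = el.get("Binding"), el.get("Location")
        if not binding or not location:
            raise ValueError("SingleSignOnService without Binding or Location")
        if not location.startswith("https://"):
            raise ValueError(f"refusing non-HTTPS SSO endpoint: {location}")
        endpoints[binding] = location
    return endpoints

def select_sso_endpoint(metadata_xml, preferred=(SAML2_REDIRECT, SAML2_POST)):
    """Pick the Location that belongs to the first binding the SP supports.

    The SAML1 AuthnRequest binding is not in the default preference list, so a
    SAML2-only SP never sends its request to the SAML1 endpoint by accident.
    """
    endpoints = sso_endpoints(metadata_xml)
    for binding in preferred:
        if binding in endpoints:
            return binding, endpoints[binding]
    raise LookupError("IdP metadata offers none of the SP's supported bindings")

if __name__ == "__main__":
    for binding, location in sso_endpoints(SAMPLE_METADATA).items():
        print(f"{binding}\n    -> {location}")
    print("SP will use:", select_sso_endpoint(SAMPLE_METADATA))
```
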


