Change responderId of IdP by apache vhost
Bergmann, Clemens
clemens.bergmann at tu-darmstadt.de
Tue Jun 8 14:41:58 UTC 2021
Hi,
I am currently in the process of merging one CAS Server (CAS and SAML Protocols) and one Shibboleth Server (SAML only) into one Shibboleth Server.
Both instances currently have different entityIDs. My current plan is to work with the Shibboleth entityID by default and override the responderId with the following statement for all SPs that previously used the CAS IdP:
<util:list id="shibboleth.RelyingPartyOverrides">
    <!-- SPs that previously used the CAS IdP -->
    <bean parent="RelyingPartyByName" c:relyingPartyIds="#{{...}}"
          p:responderId="#{{'https://alternative-idp.example.com/idp/shibboleth'}}" />
</util:list>
After merging the two IdPs I would have to coordinate with each SP to change the IdP-EntityID on the SP side and remove the SP entity-ID from the exception list on my side.
A much cleaner option would be to set the responderId based on the Apache vhost the request is coming from. That would allow the SPs to switch my entityID whenever they are ready.
I could not find a way to configure this. Do you know of an option without running two completely separate IdPs on the IdP Server?
Kind regards
Clemens Bergmann
--
Clemens Bergmann
Gruppe Nutzermanagement und Entwicklung
Technische Universität Darmstadt
Hochschulrechenzentrum, Alexanderstraße 2, 64289 Darmstadt
Tel. +49 6151 16 71184
http://www.hrz.tu-darmstadt.de/