Change responderId of IdP by apache vhost

Bergmann, Clemens clemens.bergmann at
Tue Jun 8 14:41:58 UTC 2021



I am currently in the process of merging one CAS Server (CAS and SAML Protocols) and one Shibboleth Server (SAML only) to one shibboleth Server. 

Both instances currently have different entityIDs. My current plan is to work with the Shibboleth entityID by default and override the responderId with the following statement for all SPs that previously used the CAS IdP:


<util:list id="shibboleth.RelyingPartyOverrides">

<bean parent="RelyingPartyByName" c:relyingPartyIds="#{{...}}"




After merging the two IdPs I would have to coordinate with each SP to change the IdP-EntityID on the SP side and remove the SP entity-ID from the exception list on my side.

A much cleaner option would be to set the responderId based on the apache vhost the request is coming from. That would allow the SPs to switch my entityID whenever they are ready.


I could not find a way to configure this. Do you know of an option without running two completely separate IdPs on the IdP Server?


Mit freundlichen Grüßen

Clemens Bergmann


Clemens Bergmann

Gruppe Nutzermanagement und Entwicklung

Technische Universität Darmstadt

Hochschulrechenzentrum, Alexanderstraße 2, 64289 Darmstadt

Tel. +49 6151 16 71184




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6377 bytes
Desc: not available
URL: <>

More information about the users mailing list