Using a different SP entity ID with the IdP SAML authn flow

Wessel, Keith kwessel at
Thu Sep 2 19:04:19 UTC 2021

Thanks, Scott. So, to make this dynamic and use a different SP entity ID based on, for example, authnContextClassRef of the original incoming request, I can create a bean and set the relyingPartyLookupStrategy on the specific relying party override bean to point to that bean. Is that correct?

I assume my custom bean just returns a string with the entity ID that Shibboleth should identify itself as. Any pointers to other beans in the IdP configuration that would be a good example for me to base mine off of?


-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Thursday, September 2, 2021 11:59 AM
To: Shib Users <users at>
Subject: Re: Using a different SP entity ID with the IdP SAML authn flow

On 9/2/21, 12:42 PM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

> I'm guessing I can override a ben somewhere, but I can't find it. How do I override this?

Same as the other direction, responderId property on the relying party override for the "SP" except that the SP in this case is the IdP.

We treat the relying party term in its generic sense. The thing you're communicating with. When I applied that metaphor to the proxy support, everything fit, more or less.

-- Scott

For Consortium Member technical support, see;!!DZ3fjg!uTUWp08GQBarDHSjPr10XN2PicZsB6O_qyT1oq_i_Ur7oH2y46_fdNI7LTPEe2mLXg$ 
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list