Using shibboleth to create SP metadata file on development server machine
Nate Klingenstein
ndk at signet.id
Wed Aug 3 15:51:07 UTC 2022
Arthur,
There is no need for the entityID to be anything other than a URL (or, rarely, a URN) in a namespace that you control. The IdPs that you work with need to recognize the SP as what you want it to be called. It is nothing more nor less than a unique identifier for the application.
You may want to set an x.mssm.edu entityID in the ApplicationDefaults element, which is contained in shibboleth2.xml, or you may want to recycle the old dev.mssm.edu name so you can simplify the IdP's configuration. If this is a different logical application that receives different attributes, you should use a different entityID. It's all totally up to you and your use cases.
Take care,
Nate
--------
Signet, Inc.
The Art of Access ®
https://www.signet.id
-----Original message-----
From: Goldberg, Arthur P via users
Sent: Wednesday, August 3 2022, 9:28 am
To: Shib Users
Cc: Goldberg, Arthur P
Subject: Using shibboleth to create SP metadata file on development server machine
Hello Shib users
I am upgrading the software on a production system. Two software installations and machines are involved: release 1 of x running on VM prod at x.mssm.edu, and release 2 of x running on VM dev at dev.mssm.edu.
On Tues Aug 9 we plan DNS changes which will map VM dev’s IP addresses to x.mssm.edu (and map VM prod’s IP addresses to another domain name). Before then, I need to configure and test release 2 of x running on a machine with domain name x.mssm.edu. I’m doing this by altering my local /etc/hosts file to map the IP address of VM dev to x.mssm.edu.
To configure release 2 of x on VM dev to run at x.mssm.edu we need to configure a new SAML single sign-on that connects x on VM dev running at x.mssm.edu to the SAML IdP in our Azure Active Directory service.
To configure that I’m using shibboleth to create an SP metadata file for release 2 of x on VM dev running at x.mssm.edu. I’m doing that by running release 2 of x with its web server configured to run at x.mssm.edu and accessing https://x.mssm.edu/Shibboleth.sso/Metadata in my browser to create and download a metadata description of the SP. However, this metadata file has an entityID in the EntityDescriptor that uses the dev.mssm.edu domain name for VM dev which is running release 2 of x. (All other domain names in the metadata file are x.mssm.edu.) I’m concerned that this entityID will be treated as a fatal metadata error when VM dev is at x.mssm.edu.
Do you have a recommended approach for handling this situation? Only one idea comes to mind: Alter the /etc/hosts file on VM dev to map its IP address to x.mssm.edu and then create the SP metadata file.
Regards
Arthur
--
Arthur Goldberg, PhD
Mount Sinai Data Warehouse <https://labs.icahn.mssm.edu/msdw/>
Scientific Computing and Data <https://labs.icahn.mssm.edu/minervalab/scientific-computing-and-data>
Associate Professor of Genetics and Genomic Sciences
Institute for Data Science and Genomic Technology
Mount Sinai School of Medicine
Arthur.Goldberg at mssm.edu <mailto:Arthur.Goldberg at mssm.edu>
646 526 5020
Zoom <https://mssm.zoom.us/my/arthur.goldberg?pwd=LzByMGJOZC9wM3A2aHV6OU94eUtSQT09>
--
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
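An added example, not code from either message in this thread: a small Python check that reads the EntityDescriptor the SP's Metadata handler returns and reports the entityID and the endpoint hosts separately, so the situation Arthur describes (entityID still on dev.mssm.edu, every endpoint on x.mssm.edu) is visible before the file is handed to the IdP. The metadata document inside it is constructed to match his description; the "/shibboleth" path in the entityID is an assumption, not something from the thread.

```python
"""Sanity check on a Shibboleth SP metadata file before registering it with an IdP."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample in the shape the SP's /Shibboleth.sso/Metadata handler
# produces: the entityID was left on the old dev hostname (the "/shibboleth"
# path is an assumed value), while all endpoints are on x.mssm.edu.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://dev.mssm.edu/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://x.mssm.edu/Shibboleth.sso/SLO/Redirect"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://x.mssm.edu/Shibboleth.sso/SAML2/POST" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def inspect_sp_metadata(xml_text: str) -> dict:
    """Return the entityID and the set of hostnames used by the SP's endpoints."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not an EntityDescriptor")
    hosts = set()
    for sp in root.findall("md:SPSSODescriptor", NS):
        for child in sp:  # endpoint elements carry Location; others are skipped
            loc = child.get("Location")
            if loc:
                hosts.add(urlparse(loc).hostname)
    return {"entityID": root.get("entityID"), "endpoint_hosts": hosts}


def endpoints_match_expected(xml_text: str, expected_host: str) -> bool:
    """True when every endpoint Location is on the hostname the SP will serve."""
    return inspect_sp_metadata(xml_text)["endpoint_hosts"] == {expected_host}


def entity_id_host(xml_text: str) -> str:
    """Hostname inside the entityID; it is only an identifier and need not match."""
    return urlparse(inspect_sp_metadata(xml_text)["entityID"]).hostname


if __name__ == "__main__":
    info = inspect_sp_metadata(SAMPLE_METADATA)
    print("entityID:", info["entityID"])
    print("endpoint hosts:", sorted(info["endpoint_hosts"]))
    # The IdP matches on the entityID string, so a dev.mssm.edu entityID with
    # x.mssm.edu endpoints is a registration detail, not a metadata error.
```

Run it against the file downloaded from /Shibboleth.sso/Metadata instead of the sample to confirm which name the IdP will have to be told about.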