Using shibboleth to create SP metadata file on development server machine

Nate Klingenstein ndk at
Wed Aug 3 15:51:07 UTC 2022


There is no need for the entityID to be anything other than a URL (or, rarely, a URN) in a namespace that you control.  The IdPs that you work with need to recognize the SP as what you want it to be called.  It is nothing more nor less than a unique identifier for the application.

You may want to set an entityID in the ApplicationDefaults element, which is contained in shibboleth2.xml, or you may want to recycle the old name so you can simplify the IdP's configuration.  If this is a different logical application that receives different attributes, you should use a different entityID.  It's all totally up to you and your use cases.

Take care,

Signet, Inc.
The Art of Access ®

-----Original message-----
From: Goldberg, Arthur P via users
Sent: Wednesday, August 3 2022, 9:28 am
To: Shib Users
Cc: Goldberg, Arthur P
Subject: Using shibboleth to create SP metadata file on development server machine

Hello Shib users

I am upgrading the software on a production system. Two software installations and machines are involved: release 1 of x running on VM prod at, and release 2 of x running on VM dev at

On Tues Aug 9 we plan DNS changes which will map VM dev’s IP addresses to (and map VM prod’s IP addresses to another domain name). Before then, I need to configure and test release 2 of x running on a machine with domain name I’m doing this by altering my local /etc/hosts file to map the IP address of VM dev to

To configure release 2 of x on VM dev to run at we need to configure a new SAML single sign-on that connects x on VM dev running at to the SAML IdP in our Azure Active Directory service.

To configure that I’m using shibboleth to create an SP metadata file for release 2 of x on VM dev running at I’m doing that by running release 2 of x with its web server configured to run at and accessing in my browser to create and download a metadata description of the SP. However, this metadata file has an entityID in the EntityDescriptor that uses the domain name for VM dev which is running release 2 of x. (All other domain names in the metadata file are I’m concerned that this entityID will be treated as a fatal metadata error when VM dev is at

Do you have a recommended approach for handling this situation? Only one idea comes to mind: Alter the /etc/hosts file on VM dev to map its IP address to and then create the SP metadata file.




Arthur Goldberg, PhD

Mount Sinai Data Warehouse

Scientific Computing and Data

Associate Professor of Genetics and Genomic Sciences

Institute for Data Science and Genomic Technology

Mount Sinai School of Medicine

Arthur.Goldberg at

646 526 5020

Zoom
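Added example, not part of the thread and not Shibboleth's own code: a Python check for a generated SP metadata file that treats the entityID as a name to compare against the configured value, while requiring every endpoint Location to use the production host. The example.org hostnames, the sample metadata and the helper name `review_sp_metadata` are assumptions made for illustration; the https requirement is this example's own policy.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata; the example.org hostnames are placeholders.
SAMPLE = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://dev.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://app.example.org/Shibboleth.sso/SLO/Redirect"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://app.example.org/Shibboleth.sso/SAML2/POST"/>
    <md:AssertionConsumerService index="2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://dev.example.org/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text, service_host, configured_entity_id):
    """Return (errors, notes) for one SP EntityDescriptor (hypothetical helper)."""
    # Use the stdlib parser only on metadata you generated yourself.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("expected a single md:EntityDescriptor")
    errors, notes = [], []
    entity_id = root.get("entityID", "")
    # The entityID is a name: it must equal the value configured on the SP
    # and registered at the IdP, but it need not match the hostname.
    if entity_id != configured_entity_id:
        errors.append(f"entityID {entity_id!r} != {configured_entity_id!r}")
    elif urlsplit(entity_id).hostname != service_host:
        notes.append(f"entityID host differs from {service_host}: allowed")
    # Endpoint Locations are real URLs the browser is sent to, so each one
    # has to use the production host; this example also insists on https.
    for el in root.iter():
        loc = el.get("Location")
        if loc is None:
            continue
        name, url = el.tag.split("}")[-1], urlsplit(loc)
        if url.scheme != "https":
            errors.append(f"{name}: not https: {loc}")
        if url.hostname != service_host:
            errors.append(f"{name}: host is not {service_host}: {loc}")
    return errors, notes
```

Calling `review_sp_metadata(SAMPLE, "app.example.org", "https://dev.example.org/shibboleth")` reports only the second AssertionConsumerService as an error and records the entityID's different hostname as a note.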

