Using shibboleth to create SP metadata file on development server machine
ndk at signet.id
Wed Aug 3 15:51:07 UTC 2022
There is no need for the entityID to be anything other than a URL(or, rarely, a URN) in a namespace that you control. The IdP's that you work with need to recognize the SP as what you want it to be called. It is nothing more nor less than a unique identifier for the application.
You may want to set a x.mssm.edu entityID in the ApplicationDefaults element, which is contained in shibboleth2.xml, or you may want to recycle the old dev.mssm.edu name so you can simplify the IdP's configuration. If this is a different logical application that receives different attributes, you should use a different entityID. It's all totally up to you and your use cases.
The Art of Access ®
From: Goldberg, Arthur P via users
Sent: Wednesday, August 3 2022, 9:28 am
To: Shib Users
Cc: Goldberg, Arthur P
Subject: Using shibboleth to create SP metadata file on development server machine
Hello Shib users
I am upgrading the software on a production system. Two software installations and machines are involved: release 1 of x running on VM prod at x.mssm.edu, and release 2 of x running on VM dev at dev.mssm.edu.
On Tues Aug 9 we plan DNS changes which will map VM dev’s IP addresses to x.mssm.edu (and map VM prod’s IP addresses to another domain name). Before then, I need to configure and test release 2 of x running
on a machine with domain name x.mssm.edu. I’m doing this by altering my local /etc/hosts file to map the IP address of VM dev to x.mssm.edu.
To configure release 2 of x on VM dev to run at x.mssm.edu we need to configure a new SAML single sign-on that connects x on VM dev running at x.mssm.edu to the SAML IdP in our Azure Active Directory service.
To configure that I’m using shibboleth to create an SP metadata file for release 2 of x on VM dev running at x.mssm.edu. I’m doing that by running release 2 of x with its web server configured to run at x.mssm.edu
and accessing https://x.mssm.edu/Shibboleth.sso/Metadata in my browser to create and download a metadata description of the SP. However, this metadata file has an
entityID in the EntityDescriptor that uses the
dev.mssm.edu domain name for VM dev which is running release 2 of x. (All other domain names
in the metadata file are x.mssm.edu.) I’m concerned that this entityID will be treated as a fatal metadata error when VM dev is at x.mssm.edu.
Do you have a recommended approach for handling this situation? Only one idea comes to mind: Alter the /etc/hosts file on VM dev to map its IP address to x.mssm.edu and then create the SP metadata file.
Arthur Goldberg, PhD
Mount Sinai Data Warehouse <https://labs.icahn.mssm.edu/msdw/>
Scientific Computing and Data <https://labs.icahn.mssm.edu/minervalab/scientific-computing-and-data>
Associate Professor of Genetics and Genomic Sciences
Institute for Data Science and Genomic Technology
Mount Sinai School of Medicine
Arthur.Goldberg at mssm.edu <mailto:Arthur.Goldberg at mssm.edu>
646 526 5020
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users