== [[https://iam.alaska.edu/shib|Shibboleth]] / Setup SP Relying Party == This page documents how to setup an SP's relying party configuration in the IdP. Note that if an SP is a member of the InCommon Federation (and presumably any other federations we may join) it is ''not'' necessary to configure their metadata into our IdP. The only local configuration required is attribute release. When SP metadata configuration is required, use the following procedure: 1. Check out the conf and metadata directories from the shib-svn repository. {{{ john@fearless:~/Junk$ svn co svn+ssh://sxjpm@iron.alaska.edu/usr/local/iam/shib-svn/idp/trunk/conf A conf/service.xml ... A conf/login.config Checked out revision 1. john@fearless:~/Junk$ svn co svn+ssh://sxjpm@iron.alaska.edu/usr/local/iam/shib-svn/idp/trunk/metadata A metadata/dauntless-metadata.xml ... A metadata/unicorn3-metadata.xml Checked out revision 1. }}} 2. Add the SP's metadata to the shib-svn repository in the shib-svn/idp/metadata directory. {{{ john@fearless:~/Junk$ cp /tmp/idmt-1-metadata.xml metadata/ john@fearless:~/Junk$ svn add metadata/idmt-1-metadata.xml A metadata/idmt-1-metadata.xml }}} 3. Add a stanza in the relying-party.xml config file to import the SP's metadata. {{{ john@fearless:~/Junk$ vi conf/relying-party.xml ... ... :wq! }}} 4. Commit the new metadata file and the changed relying-party.xml file into the shib-svn repository. {{{ john@fearless:~/Junk$ svn commit metadata/ -m "Added metadata from SP idmt-1" john@fearless:~/Junk$ svn commit conf/ -m "Added relying party config for SP idmt-1" }}} 5. Test and update the Shibboleth !IdPs with the [[https://iam.alaska.edu/shib/wiki/TestIdPConfig|Test IdP Config Change]] procedure. References:[[br]] * [[https://wiki.shibboleth.net/confluence/display/SHIB2/IdPMetadataProvider|Shibboleth Metadata Provider Documentation]] * [[https://iam.alaska.edu/shib/attachment/wiki/SetupSpRelyParty/shibboleth2.xml|shibboleth2.xml for Parking SP]]