Changes between Version 13 and Version 14 of SpSetup

Timestamp:

05/14/15 16:31:44 (10 years ago)

Author:

dabantz@…

Comment:

--

SpSetup

@@ -124 +124 @@
 If the computed fingerprints match the actual fingerprints, you are done. You may now safely use the certificate to verify the signature on the metadata file.
 }}}
+
+2.3 Set SP to find an IdP; within shibboleth2.xml
+
+A simple case is for your service to rely on (just) the UA IdP; that is, the SP will redirect users' browser to the UA IdP for authentication and attributes:
+{{{
+            <SSO entityID="urn:mace:incommon:alaska.edu"
+                 discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF">
+              SAML2 SAML1
+            </SSO>
+
+
+}}}
+
+Setting up for federated access to your service - allowing users to choose from among a list of different Identity Providers - is outside the scope of this document.
+See https://wiki.shibboleth.net/confluence/display/SHIB2/DiscoveryService
+
  3. Setup EntityID for SP. Note the entityID for the SP is _NOT_ a URL. It is a unique string that identifies your SP and is usually based off of the hostname of the system. It may also be a CNAME for the system.
   * Linux:
@@ -133 +149 @@
 [root@idmt-1 shibboleth]# vi shibboleth2.xml
     <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
-    <ApplicationDefaults entityID="https://idmt-1.alaska.edu/shibboleth"
+    <ApplicationDefaults entityID="{entityid of your service}"
                          REMOTE_USER="eppn persistent-id targeted-id">