gabriele.taibi

Reputation: 21

Exchange metadata from Shibboleth SP and IdP

I've just tried to resolve my question by reading older posts on this forum, but I think I need a direct answer for my problem, so please be patient with me. I'm making a web application for my university in which I have to send a MAC address from my Shibboleth SP to the university IdP, and if the IdP matches the MAC it will respond with some other info correlated with the MAC. Now, I have configured my SP following this guide: 'https://www.testshib.org/'. My configuration is local, so in the end these are my questions:

1) How should the entityID of my SP look? I'm using an idp like this: "servername.org/shibboleth-sp". I really don't know if it's correct, because it will be associated with a real organization, and maybe an idp like "univerity_x_servername.org/shibboleth-sp/" is better.

2) As I just said, my SP is local, and I don't understand whether I can only send my metadata to the IdP by attaching the file that I can download locally from "https://servername/Shibboleth.sso/Metadata", or whether I can pass a link with which the IdP can download my metadata itself. Does someone know how I can implement the second case, passing a single link for the download?

3) Last and least important question: the guide that I followed to configure the SP tests it at the end by opening an index page in my secure directory locally, "/var/www/html/secure/". I haven't yet understood what type of check this is, so if someone has already used that guide and can explain the final test, it would be awesome.

Thanks.

PS: I hope you will understand this post; I know that my English sucks. Sorry.

Upvotes: 0

Views: 946

Answers (1)

Akshay

Reputation: 3866

  1. You can use any entityID; it doesn't matter. Refer to this.
  2. You can do both: put the configuration in the shibboleth2 configuration file. If you have put a URL, then the IdP will take the URL, or if you have put a filename, then the IdP will download that filename.

     You can download the file from that URL (https://.../Metadata), change it, save it, and then put it on your server.

  3. Shibboleth is not doing authentication at the SP; it is just for authorization. What I mean by that is, you have configured it to protect the /secure path. So the primary task of the Shibboleth SP is that it won't allow any user to access that page until the user has a valid authentication at the IdP. You can configure any other path too. In addition to authorization, it gives us the data about the user.

This, this and this answer of mine may help you.

Upvotes: 1
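
A pre-flight check for the file saved from `/Shibboleth.sso/Metadata` before it is handed to the IdP operator, as an added example that is not part of the original question or answer. The sample document, the name `check_sp_metadata` and the choice of checks are assumptions for illustration; the entityID check rests on SAML defining entityID as a URI of at most 1024 characters.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample, shaped like the metadata a locally configured SP generates.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="servername.org/shibboleth-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...constructed...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="1"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="http://localhost/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def check_sp_metadata(xml_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    root = ET.fromstring(xml_text)
    findings = []
    entity_id = root.get("entityID", "")
    # An entityID without a scheme (e.g. "servername.org/...") is not an absolute URI.
    if not urlsplit(entity_id).scheme or len(entity_id) > 1024:
        findings.append("entityID is not an absolute URI: %r" % entity_id)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no SPSSODescriptor element"]
    if sp.find(".//ds:X509Certificate", NS) is None:
        findings.append("no certificate in KeyDescriptor")
    acs_list = sp.findall("md:AssertionConsumerService", NS)
    if not acs_list:
        findings.append("no AssertionConsumerService endpoint")
    for acs in acs_list:
        location = acs.get("Location", "")
        loc = urlsplit(location)
        if loc.scheme != "https":
            findings.append("ACS endpoint is not HTTPS: " + location)
        if loc.hostname in LOCAL_HOSTS:
            findings.append("ACS endpoint uses a local-only host: " + location)
    return findings

if __name__ == "__main__":
    for finding in check_sp_metadata(SAMPLE):
        print(finding)
```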
