Versions Compared

Old Version 50

changes.mady.by.user David Walker (internet2.edu)

Saved on

compared with

New Version 51

changes.mady.by.user David Walker (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space federationedit and version 2.14

Jump to: 

Table of Contents
maxLevel1
exclude(On this page)|(In this section)|(Related content)|(Get help)
typeflat
separatorpipe

This wiki topic shows how to configure the Shibboleth Service Provider (SP) for the InCommon Federation Discovery Service. Visit the Discovery Service FAQ for more information.

First thing first: publish your SP metadata

To configure your Shibboleth SP to use the InCommon Federation Discovery Service, you must publish your SP's metadata in InCommon. To guard against security compromises, the Discovery Service will only direct users to the Discovery Response Endpoint in your published metadata.  If you have not done so, update your metadata first before you configure your Shibboleth 2.x SP to use the InCommon Federation Discovery Service.

Determine your Discovery Response Endpoint

With Shibboleth SP version 2.4 and later, the location of your Discovery Response Endpoint is:

HTML
https://<i>host</i>/Shibboleth.sso/Login

where host is the hostname of your SP. 

The same endpoint also applies for Shibboleth SP 2.3.1 or easier if you have configured  your <SessionInitiator> according to the example provided in the Configure Shibboleth SP version 2.3.1 (or earlier) section below.

To add your Discovery Response Endpoint to your published SP metadata, follow the instruction in Configure a service provider to use the Discovery Service.

Configuring Shibboleth SP version 2.4 or later

For SP 2.4 and later, the <SSO> element in shibboleth2.xml should include the following:

Code Block
titleshibboleth2.xml (2.4 and later)
<SSO discoveryProtocol="SAMLDS" discoveryURL="https://wayf.incommonfederation.org/DS/WAYF">
SAML2 SAML1
</SSO>

Configure Shibboleth SP version 2.3.1 (or earlier)

Modify your SP 2.3.1 (or earlier) configuration file (shibboleth2.xml) to include a <SessionInitiator> of type SAMLDS, and URL pointing to https://wayf.incommonfederation.org/DS/WAYF:

Code Block
titleshibboleth2.xml (2.3.1 and earlier)
<SessionInitiator type="Chaining" Location="/Login" id="Login" isDefault="true" relayState="cookie">
     <SessionInitiator type="SAML2"
        defaultACSIndex="1" acsByIndex="false" template="bindingTemplate.html" />
     <SessionInitiator type="Shib1" defaultACSIndex="5" />
     <SessionInitiator type="SAMLDS" URL="https://wayf.incommonfederation.org/DS/WAYF" />
</SessionInitiator>

Additional information

Related content

Content by Label
showLabelsfalse
max10
showSpacefalse
cqllabel = "discovery-service" and space = currentSpace()

Get help

Can't find what you are looking for?

Button Hyperlink
iconhelp
titleAsk the community
typeprimary
urlask-the-community