An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IdP) or a Service Provider (SP). The first step in configuring any permanent SAML deployment is to choose a permanent name for the entity. Choose it carefully and deliberately: every federation partner that consumes your metadata keys its trust configuration on the entity ID, so renaming an entity later means coordinating a change with all of them.
Tip: Remember, the entity ID and the endpoint locations in metadata do not need to match. An entity ID is a name, not a location. If the entity ID is a URL (and it almost always is) it need not resolve.
The following sections give recommendations regarding entity naming within the InCommon Federation. For background information, review the general topic on entity naming in the Shibboleth 2 documentation.
IdP Naming
Historically, InCommon assigned a URN (Uniform Resource Name) to all new IdPs, based on the IdP's primary DNS domain name:
...
As with IdP naming, you MUST be prepared to commit to maintaining an SP entity ID essentially for the life of the service. Choose a name you can commit to maintaining even if the service will run at a different (or perhaps more than one) location in the future.
Tip: Remember, the entity ID and the endpoint locations in metadata do not need to match. An entity ID is a name, not a location. The host part of the entity ID need not resolve.
Choosing a Name
Below are some tips and suggestions that might be useful when choosing an entity ID.
...
- https://comanage.example.edu/sp
- https://wiki.cs.example.org/sp
- https://intranet.math.example.edu/sp
- https://myapp.example.com/sp
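The two tips above (the entity ID is a name, not a location) and the example names in this list, illustrated with an added example that is not from this page, from InCommon or from Shibboleth: a Python script that parses a constructed SP EntityDescriptor whose entityID is one of the names above while its endpoints live on a different hosting domain, and applies the few checks that apply to an entityID as a name (absolute URI, at most 1024 characters per the SAML 2.0 metadata schema, no whitespace). The hosting domain `hosting.example.net`, the endpoint paths and the URN `urn:example:idp` used in the usage notes are assumptions, not InCommon conventions.

```python
"""Added example (not from the InCommon wiki page): parse a SAML
EntityDescriptor and show that the entityID is a name, not a location.
All metadata below is constructed for illustration."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# SAML 2.0 metadata schema: entityID is an anyURI of at most 1024 characters.
MAX_ENTITY_ID_LEN = 1024

# Constructed SP metadata. The entityID reuses one of the page's example names;
# the endpoints live on a hypothetical hosting domain that is unrelated to it.
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}"
    entityID="https://wiki.cs.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://wiki-prod-03.hosting.example.net/Shibboleth.sso/SAML2/POST"
        index="1"/>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://wiki-prod-04.hosting.example.net/Shibboleth.sso/SAML2/POST"
        index="2"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def parse_entity(xml_text):
    """Return (entityID, [endpoint Location URLs]) from an EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    entity_id = root.get("entityID")
    if entity_id is None:
        raise ValueError("EntityDescriptor has no entityID")
    # Every md:* element carrying a Location attribute is an endpoint.
    locations = [
        el.get("Location")
        for el in root.iter()
        if el.tag.startswith(f"{{{MD_NS}}}") and el.get("Location")
    ]
    return entity_id, locations


def check_entity_id(entity_id):
    """Return a list of problems with an entityID considered as a name.

    Deliberately does NOT resolve the host or fetch the URL: a name need not
    resolve, and a URN form (as InCommon historically assigned) is fine.
    """
    problems = []
    if len(entity_id) > MAX_ENTITY_ID_LEN:
        problems.append(f"longer than {MAX_ENTITY_ID_LEN} characters")
    if any(c.isspace() for c in entity_id):
        problems.append("contains whitespace")
    parts = urlsplit(entity_id)
    if not parts.scheme:
        problems.append("not an absolute URI (no scheme)")
    elif parts.scheme in ("http", "https") and not parts.netloc:
        problems.append("URL form without a host part")
    return problems


def describe_naming(xml_text):
    """Summarise how the entityID relates to the endpoint hosts.

    A mismatch is not an error: the entityID is the stable name, the
    Locations are wherever the software happens to run today.
    """
    entity_id, locations = parse_entity(xml_text)
    name_host = urlsplit(entity_id).netloc.lower() or None
    endpoint_hosts = sorted({urlsplit(loc).netloc.lower() for loc in locations})
    return {
        "entity_id": entity_id,
        "entity_id_problems": check_entity_id(entity_id),
        "name_host": name_host,
        "endpoint_hosts": endpoint_hosts,
        "name_matches_an_endpoint_host": name_host in endpoint_hosts,
    }


if __name__ == "__main__":
    report = describe_naming(SAMPLE_SP_METADATA)
    for key, value in report.items():
        print(f"{key}: {value}")
    if not report["name_matches_an_endpoint_host"]:
        print("entityID host differs from the endpoint hosts: "
              "that is fine, the entityID is a name, not a location")
```

Run it as a script to see the report for the constructed metadata; the entityID `https://wiki.cs.example.org/sp` is reported as well-formed even though no endpoint lives on `wiki.cs.example.org`. `check_entity_id` also accepts a URN such as the hypothetical `urn:example:idp`, and rejects a bare relative name like `sp`, which is the kind of mistake that produces a non-unique entity ID in federation metadata.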
References
- A general discussion of entity naming in the Shibboleth documentation