Versions Compared

Old Version 25

changes.mady.by.user Dean Woodbeck (internet2.edu)

Saved on

compared with

New Version Current

changes.mady.by.user David Walker (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note
titleDeprecated

Note that this page has been deprecated. The information it contains is no longer current.

This page shows how to set up an IdP deployment for SAML V2.0 Web Browser SSO. Here you will find procedures for new IdPs as well as existing IdPs migrating from SAML V1.1 to SAML V2.0. We assume that your IdP software has the ability to consume SAML V2.0 requests and issue SAML V2.0 responses.

...

If you are using the Shibboleth IdP software, a mechanism to elicit an unsolicited SAML V2.0 response is well documented in the Shibboleth wiki. For example, the following HTTP request triggers an unsolicited response from IdP (urn:mace:incommon:idp.protectnetwork.org) listed in InCommon metadata, targeting the default <md:AssertionConsumerService> endpoint at the indicated SP:

Code Block
XML
XML

https://idp.protectnetwork.org/protectnetwork-idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Ffm.incommon.org%2Fsp

...

The previous HTTP request exercises the IdP's ability to respond via a particular SAML V2.0 binding, namely the binding associated with the default <md:AssertionConsumerService> endpoint at the SP. To exercise other bindings, issue similar requests for other SP endpoints by appending a shire parameter to the query string:

Code Block
XML
XML

...&shire=https%3A%2F%2Fservice1.internet2.edu%2FShibboleth.sso%2FSAML2%2FPOST

...