University of Oregon

Identity Management - Test Shibboleth Service Provider Transition Guide

Audience
Faculty/Staff
Researcher
Student
GTF

This document describes the actions that need to be performed by UO Shibboleth Server Provider (SP) administrators to direct their SPs at the new Test Shibboleth Identity Provider (IdP).

Overview:

Updating your SP configuration to communicate with the new Test Shibboleth IdP should be a trivial change and require very little effort to accomplish.

Simply follow the three steps outlined below:

  1. Update the SSO "entityID" Value
  2. Download the New Test IdP Metadata
  3. Send a "Transition" Request

Update the SSO "entityID" Value:

Open your 'shibboleth2.xml' configuration file (commonly located at /etc/shibboleth/shibboleth2.xml) using your preferred editor and locate the 'SSO' configuration element. Within the 'SSO' element, change the value of the 'entityID' attribute from:

https://ssotest1.uoregon.edu/idp/shibboleth

to:

https://shibboleth-test.uoregon.edu/idp/shibboleth

Depending upon the version of the SP software you are running and your specific configuration, your SSO element may look different but for current versions of the SP software, the SSO element should appear similar to this:

<SSO entityID="https://shibboleth-test.uoregon.edu/idp/shibboleth">
    SAML2 SAML1
</SSO>

For detailed information regarding Shibboleth Service Provider configuration, please see: NativeSPShibbolethXML

 

Download the New Test IdP Metadata:

The new Test Shibboleth service uses a load-balanced URL and due to this change, the metadata associated with the new IdP service is different. You must download the new version of the IdP Metadata for your SP to properly communicate with the new Test IdP.

The new Test Shibboleth IdP metadata can be accessed via https://shibboleth-test.uoregon.edu/idp-metadata.xml:

wget https://shibboleth-test.uoregon.edu/idp-metadata.xml

 

Send a "Transition" Request:

The final step is to send us a transition request by filling out the below form. You'll need to have the "entityID" handy for every service protected by your SP: