shibboleth-dev - Re: Multiple IdP's and Multiple WAYF's
Subject: Shibboleth Developers
List archive
- From: Peter Schober <>
- To:
- Subject: Re: Multiple IdP's and Multiple WAYF's
- Date: Mon, 2 Jun 2008 20:57:02 +0200
- Organization: Vienna University Computer Center
*
<>
[2008-06-02 18:30]:
> Configuration for Multiple IDP's
> 1) I would like to know what configuration settings need to be made
> to handle multiple IDP's. I have searched for this informtion and
> have not found a great resource. We host publishers content that
> many institutions (IdP's) will access. I am not sure where this
> configuration setting is made.
If these IdPs are in your metadata there's not much to to. Only if you
need to refer to those IdPs with an URL from the application (i.e. to
start a session with one specific IdP) you will need to setup seperate
SessionInitiators for those IdPs (inside shibboleth.xml. Look for
existing SessionInitiator elements nested in Applications -> Session
elements).
IMHO the page from the Shib1 wiki isn't too helpful:
https://spaces.internet2.edu/display/SHIB/SessionInitiator
and the one form the Shib2 wiki probably won't apply to your setup?
https://spaces.internet2.edu/display/SHIB2/NativeSPSessionInitiator
> Multiple WAYF Servers
> 2) Also are WAYF's being depricated in the future? If so what is
> it's substitue? If not can we set up multiple WAYF servers? How
> would we go about doing this?
Probably only terminologically. There now is a SAML2 commitee spec for
IdP Discovery Services and the WAYF software from Internet2 is now
also called DiscoveryService. (Note that the WAYF software from
SWITCH also handles DS-style interaction nowadays, but still retained
it's name.)
As to setting up several WAYF services: you install them as you
normally would and refer to them (just like you would with an IdP)
with SessionInitiators (see above).
You can also define which SessionInitiator should be used for any
given resource: requireSessionWith=<id-of-sessioninitiator>
attribute in Local -> RequestMapProvider -> RequestMap -> Host or Path
element in shibboleth.xml. In the Apache webserver this is done with
ShibRequireSessionWith <id-of-sessioninitiator>
hth,
-peter
--
- vienna university computer center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140
- Multiple IdP's and Multiple WAYF's, sklawitter, 06/02/2008
- Re: Multiple IdP's and Multiple WAYF's, Peter Schober, 06/02/2008
- Re: Multiple IdP's and Multiple WAYF's, Steven_Carmody, 06/02/2008
- RE: Multiple IdP's and Multiple WAYF's, Scott Cantor, 06/02/2008
Archive powered by MHonArc 2.6.16.