Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
614 views
in Technique[技术] by (71.8m points)

single sign on - What entityId to choose to configure Service Provider (SP) in shibboleth?

According to Shibboleth wiki entity naming we should not use real host to the entity id, I am confused what to use. Is there any significance of entity id, or I can choose whatever?

What if I edit it after configured.

my web path that will required sso is http://exp.uni.edu(this will get auth data from http://uni.edu) and the SP can be placed at http://exp.uni.edu path.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You should use the URI for the service provider, not necessarily the name of the physical host . So, if your site is "exp.uni.edu", but hosted on the webserver panther-web-07.uni.edu, you'd be safe using something like "https://exp.uni.edu/shibboleth-sp" for your SP entityID. If this SP is running on the webserver for the engineering school at UNI, you could also use something like "https://engineering.uni.edu/shibboleth-sp". It is not required that the entityID resolve, but it should use a namespace your organization owns/controls, and may resolve someday.

Your entityID doesn't necessarily need to be the same as your application's DNS name, since a single Service Provider can protect multiple applications with distinct DNS names running on the same webserver.

You wouldn't want to use the panther-web-07.uni.edu webserver hostname for your entityID, because while the name of the server on which the "exp.uni.edu" site is hosted, the URI for the "exp.uni.edu" hopefully will be static throughout the lifetime of the service.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...