Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share

single sign on - What entityId to choose to configure Service Provider (SP) in Shibboleth?

According to the Shibboleth wiki on entity naming, we should not use the real host for the entity ID, and I am confused about what to use. Is there any significance to the entity ID, or can I choose whatever?

What if I edit it after it is configured?

My web path that will require SSO is http://exp.uni.edu (this will get auth data from http://uni.edu), and the SP can be placed at the http://exp.uni.edu path.


1 Reply


You should use the URI for the service provider, not necessarily the name of the physical host. So, if your site is "exp.uni.edu", but hosted on the webserver panther-web-07.uni.edu, you'd be safe using something like "https://exp.uni.edu/shibboleth-sp" for your SP entityID. If this SP is running on the webserver for the engineering school at UNI, you could also use something like "https://engineering.uni.edu/shibboleth-sp". It is not required that the entityID resolve, but it should use a namespace your organization owns/controls, and may resolve someday.

Your entityID doesn't necessarily need to be the same as your application's DNS name, since a single Service Provider can protect multiple applications with distinct DNS names running on the same webserver.

You wouldn't want to use the panther-web-07.uni.edu webserver hostname for your entityID, because while the name of the server on which the "exp.uni.edu" site is hosted may change, the URI for "exp.uni.edu" hopefully will be static throughout the lifetime of the service.
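
A small checker for the naming guidance in the reply above, added here as an example; it is not part of the original reply or of Shibboleth. The names `OWNED_DOMAINS`, `PHYSICAL_HOSTS` and `check_entity_id` are hypothetical, the sample values are the ones used in the reply, and only URL-style entityIDs are covered.

```python
# Added example: lint candidate SP entityIDs against the naming guidance above.
from urllib.parse import urlsplit

# Assumed inputs, constructed from the hostnames used in the reply.
OWNED_DOMAINS = {"uni.edu"}                  # namespaces the organization controls
PHYSICAL_HOSTS = {"panther-web-07.uni.edu"}  # machine names that may change
MAX_LEN = 1024                               # SAML 2.0 cap on entity identifier length


def _under_owned_domain(host):
    # Match on a DNS label boundary so "other-uni.edu" is not accepted as "uni.edu".
    return any(host == d or host.endswith("." + d) for d in OWNED_DOMAINS)


def check_entity_id(entity_id):
    """Return a list of problems; an empty list means the ID follows the guidance."""
    problems = []
    if len(entity_id) > MAX_LEN:
        problems.append("longer than 1024 characters")
    try:
        parts = urlsplit(entity_id)
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    except ValueError:
        return problems + ["not a parseable URI"]
    if parts.scheme not in ("http", "https") or not host:
        return problems + ["not an absolute http(s) URI"]
    if parts.query or parts.fragment:
        problems.append("contains a query string or fragment")
    if not _under_owned_domain(host):
        problems.append("host is outside the organization's namespace")
    if host in PHYSICAL_HOSTS:
        problems.append("host is a physical server name")
    return problems


if __name__ == "__main__":
    for candidate in (
        "https://exp.uni.edu/shibboleth-sp",
        "https://panther-web-07.uni.edu/shibboleth-sp",
        "https://other-uni.edu/shibboleth-sp",
        "exp.uni.edu/shibboleth-sp",
    ):
        print(candidate, "->", check_entity_id(candidate) or "ok")
```

The entityID does not have to resolve, so the checker never makes a network request; it only inspects the string.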

