...

  • Change the entityID attribute located in the <ApplicationDefaults> element to one that's appropriate for your service. An https:// URL is recommended, ideally containing a logical DNS hostname associated with your service that will not change over time as physical servers do. See the EntityNaming topic for more on this concept.

...

  • Supply or link to at least one IdP's metadata using one or more <MetadataProvider> elements. There are a few common scenarios for acquiring metadata:
    • Join a federation. Usually you will be provided with a certificate to use to verify the metadata's signature to ensure its validity. Most of the time the federation will provide you with detailed instructions or examples of how to configure the software, and you should follow those instructions.
    • Work with a dedicated, "local" IdP. This is common in internal deployments. With a single IdP, you may be given explicit instructions on how to get and verify the metadata you need, or you may simply have to download the metadata and verify its validity on your own. Understand that the entire basis for your SP's security will typically come from that file.
    • If the metadata you need doesn't exist, then you will have to create it yourself. The information you'll need is typically at least its name (entityID), the location of its services, and its public key or certificate. An example file you can work from is also included with the SP.
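
An added example, not taken from the original page or from the SP distribution: a `shibboleth2.xml` fragment that contrasts a remote metadata source loaded without verification against one that checks the federation's signature, followed by the local-file case. The URL and file names are placeholders, and the attribute names assume the XML-type provider syntax of recent SP releases.

```xml
<!-- Fragment only: these elements belong inside <ApplicationDefaults>
     in shibboleth2.xml. All URLs and file names are placeholders. -->

<!-- WEAK: remote metadata is fetched and trusted as-is. Anyone able to
     tamper with the download can substitute IdP keys and endpoints.
<MetadataProvider type="XML"
      url="https://federation.example.org/metadata.xml"
      backingFilePath="federation-metadata.xml"/>
-->

<!-- CORRECTED: federation scenario. The Signature filter rejects the
     metadata unless it verifies against the signing certificate the
     federation supplied (placeholder: fedsigner.pem, obtained out of
     band). RequireValidUntil rejects metadata that carries no expiry
     or one further out than the stated interval (seconds), which
     limits how long an old signed copy can be replayed. -->
<MetadataProvider type="XML" validate="true"
      url="https://federation.example.org/metadata.xml"
      backingFilePath="federation-metadata.xml">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
    <MetadataFilter type="Signature" certificate="fedsigner.pem"/>
</MetadataProvider>

<!-- Local IdP scenario: metadata kept as a file on the SP host
     (placeholder: partner-metadata.xml). No signature check is
     configured here, so trust rests on how the file was obtained
     and on the file system permissions protecting it. -->
<MetadataProvider type="XML" validate="true" path="partner-metadata.xml"/>
```

Keep only the providers that match your deployment; the commented-out weak form is shown for comparison and should not be enabled.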

...

Possible next steps: