...
The amount of configuration the SP needs to talk to a new IdP depends on how much special treatment that IdP will require compared to your defaults. The base case is very simple: add the IdP's metadata to a metadata file referenced by a <MetadataProvider>
from shibboleth2.xml
, and you're done.
If you're using the Login
style of <SessionInitiator
, you should change the entityID
to the IdP's entityID
a single IdP, then you need to ensure its entityID
is set in the <SSO>
element to route requests to it.
If you do need to treat an IdP specially in one of the following ways, read that section:
...
Add a <RelyingParty>
element to the <Application>
configuration with a new Name
matching the entityID
of the IdP or a federation. The SP will name itself by a specified entityID
attribute when it talks to the relying party Name
.
This won't work if a legacy WAYF
style <SessionInitiator>
discovery approach is used, but it will work with a modern DS
.
Different cryptography
...