...

The dialog box for IdP details is interspersed with fields about the SP's own entityID and URLs, but it will also generate metadata on the Advanced tab, which I hand-edited afterwards to load into the IdP. Noteworthy: it doesn't support XML Encryption but does sign its requests and so includes a key for that in the metadata.


Profile Requirements

Encryption isn't supported, so it has to be disabled (or the idp.encryption.optional property turned on). There weren't any other special requirements.
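An added example (not configuration from the original page) of the per-SP way to disable assertion encryption: a RelyingPartyByName override in relying-party.xml, placed inside the shibboleth.RelyingPartyOverrides list. The entityID is the one the page's other excerpts use, with <organization> left as the page's own placeholder; the SAML2.Logout entry is included because the page lists that profile as optional.

```xml
<!-- relying-party.xml override for the Proofpoint SP (added example, not from the page).
     Goes inside <util:list id="shibboleth.RelyingPartyOverrides"> ... </util:list> -->
<bean parent="RelyingPartyByName"
      c:relyingPartyIds="https://saml-entity-id.proofpoint.com/<organization>_hosted">
    <property name="profileConfigurations">
        <list>
            <!-- The SP publishes no encryption key and cannot decrypt,
                 so turn off assertion encryption for this relying party only -->
            <bean parent="SAML2.SSO" p:encryptAssertions="false" />
            <!-- Single logout, if desired -->
            <bean parent="SAML2.Logout" />
        </list>
    </property>
</bean>
```

Scoping the change this way leaves encryption on for every other SP. The idp.encryption.optional property mentioned above is the broader alternative: it makes the IdP skip encryption for any SP whose metadata carries no encryption key rather than failing the request, so it trades a one-line change for a relaxation that applies to every such SP.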

...

SAML2.Logout (if desired)

Excerpt from attribute-filter.xml:

<AttributeFilterPolicy id="ProofPoint">
    <!-- Applies only to requests from the Proofpoint SP -->
    <PolicyRequirementRule xsi:type="Requester" value="https://saml-entity-id.proofpoint.com/<organization>_hosted" />
    <!-- Release eduPersonPrincipalName, whatever its value -->
    <AttributeRule attributeID="eduPersonPrincipalName">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
</AttributeFilterPolicy>
Excerpt from saml-nameid.xml:

<!-- Emit eduPersonPrincipalName as an emailAddress-format NameID, for this SP only -->
<bean parent="shibboleth.SAML2AttributeSourcedGenerator"
      p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
      p:attributeSourceIds="#{ {'eduPersonPrincipalName'} }">
    <property name="activationCondition">
        <bean parent="shibboleth.Conditions.RelyingPartyId" c:candidate="https://saml-entity-id.proofpoint.com/<organization>_hosted" />
    </property>
</bean>


Account Provisioning

The accounts have to be in place with an appropriate email address as the user ID.

...