Communicating with a Service Provider

Before configuring the IdP to communicate with a service provider, be sure you have a basic understanding of how the IdP categorizes and works with service providers. You may also want to familiarize yourself with the general structure of SAML Metadata.

Communication Basics

In most cases enabling communication with a service provider requires:

  1. Loading its metadata into the IdP
  2. Adjusting attribute filters to release information to the SP

Loading the SP's metadata can be accomplished in a couple of different ways. The first, and easiest, is for the service provider to register with a federation whose metadata is already being loaded by the IdP. In this case the IdP will receive the SP's metadata at its next metadata refresh (this occurs once a day by default). Alternatively, the IdP may establish some bilateral process for receiving the SP's metadata. For example, it may use the file-backed HTTP metadata provider to retrieve it from an SP-provided URL.

Advanced Configurations

Some service providers, especially those using something other than the Shibboleth Service Provider software, require special tuning of the messages that are sent to them (e.g. attributes pushed to them during the sign-on process, certain messages signed or encrypted). These sorts of configurations may be set by creating per-service-provider configurations.