Comment: Migrated to Confluence 5.3

Bilateral deployment

Once you have set up a Shibboleth SP instance, you will need a certificate and metadata to test with the UCLA IdP test instance.
You have two options:
Bilateral deployment - You use a commercial certificate from a vendor. You have to create and exchange the metadata with the IdP manually.
Federated deployment - You can use certificates from a test federation,

This document describes configuration in a Bilateral environment.

Create a key and a CSR (Certificate Signing Request). Pass the CSR to a provider such as Verisign, Godaddy, or Thawte and obtain the certificate. Save the key and the certificate (PEM format) in separate files on your Shibboleth SP server and reference them in the <CredentialsUse> section of your shibboleth.xml file.

Code Block
<CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
   <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
   <FileResolver Id="federation_creds">

Contact IT Services and provide the certificate. Do not share the key, only the certificate. IT Services will create the metadata for you. Save it in a file on your Shibboleth SP server and reference it from the <MetadataProvider> section of shibboleth.xml.

Code Block
		<MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
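
The key and certificate handling described above can be scripted and checked before anything is sent to IT Services. This is an added example, not part of the original page; it assumes OpenSSL is installed, and the function names and the file names sp-key.pem and sp-csr.pem are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the
# file names sp-key.pem / sp-csr.pem are hypothetical placeholders.

# Generate a 2048-bit RSA key and a CSR for the SP host.
# The key is created under umask 077 so only its owner can read it.
make_key_and_csr() {   # usage: make_key_and_csr <hostname> <output-dir>
    host=$1; dir=$2
    ( umask 077; openssl genrsa -out "$dir/sp-key.pem" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/sp-key.pem" -subj "/CN=$host" \
        -out "$dir/sp-csr.pem" || return 1
}

# Succeeds only if the file holds a PEM certificate and no private key,
# i.e. it is safe to hand to the IdP operator.
safe_to_share() {      # usage: safe_to_share <pem-file>
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo "REFUSE: $1 contains a private key" >&2
        return 1
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo "REFUSE: $1 has no PEM certificate" >&2
        return 1
    fi
}

# Succeeds only if the certificate's public key is the one derived from
# the private key, so the pair referenced in shibboleth.xml is consistent.
cert_matches_key() {   # usage: cert_matches_key <cert.pem> <key.pem>
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}
```

Run safe_to_share on the exact file you are about to send, and cert_matches_key on the two files you reference from shibboleth.xml once the vendor returns the certificate.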

For more help modifying your shibboleth.xml file you can visit any of the install guides located here.