Shibboleth IdP v3

Information and Notes regarding the Shibboleth Identity Provider v3.x Upgrade

Shibboleth IdP v3 Upgrade
Campus	Current Version	Planing Stage	Upgrade Method	Consent	TOU	Go-Live
UCOP	v 2.4.4	Inception	Parallel Build	TBD	TBD	TBD
UCSC	v 3.1.2	Finished	Parallel Build	yes		Aug 2015

Feel free to reformat the notes section:

Campus

Problem

Solution

UCSC

Some UC Campuses have legacy SAML1 entityID names based on "urn:mace" We also use the SAML2 url standard for entities outside of InCommon, How do you apply a different entityID in the relying party?Solution

Include the "responderId" parameter in the relying-party.xml override section.

    <bean parent="RelyingParty"
      c:groupNames="urn:mace:incommon"
      p:responderId="urn:mace:uncommon:ucsc.edu">
    <property name="profileConfigurations">
        <list>
            <bean parent="Shibboleth.SSO" />
            <ref bean="SAML1.AttributeQuery" />
            <bean parent="SAML2.SSO" />
        </list>
    </property>

Child pages

Shibboleth IdP v3

Shibboleth IdP v3 Upgrade

Campus

Current Version

Planing Stage

Upgrade Method

Consent

TOU

Go-Live