Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The amount of configuration the SP needs to talk to a new IdP depends on how much special treatment that IdP will require compared to your defaults. The base case is very simple: add the IdP's metadata to a metadata file referenced by a <MetadataProvider> from shibboleth2.xml, and you're done.

If you're using the Login style of <SessionInitiator, you should change the entityID to the IdP's entityIDa single IdP, then you need to ensure its entityID is set in the <SSO> element to route requests to it.

If you do need to treat an IdP specially in one of the following ways, read that section:


Add a <RelyingParty> element to the <Application> configuration with a new Name matching the entityID of the IdP or a federation. The SP will name itself by a specified entityID attribute when it talks to the relying party Name.

This won't work if a legacy WAYF style <SessionInitiator> discovery approach is used, but it will work with a modern DS.

Different cryptography