Choosing EntityIDs: Difference between revisions

From RavenWiki
('an', not 'and')
(Only require https if the site supports https)
Line 3: Line 3:
If your SP already has an entityID in some other federation then you should use that when configuring and registering an SP to work within the University or UK federation.
If your SP already has an entityID in some other federation then you should use that when configuring and registering an SP to work within the University or UK federation.


If your SP doesn't already have an entityID, create one. It should be an https: URL (even if the SP doesn't support SSL) based on a DNS name that you control, perhaps the the service name under which the SP operates or the host name of the computer operating the web site, followed by '/shibboleth'. Examples:
If your SP doesn't already have an entityID, create one. It should be a URL based on a DNS name that you control, perhaps the the service name under which the SP operates or the host name of the computer operating the web site, followed by '/shibboleth'. If the site supports https (which it will have to if it's ever going to be registered in the UK federation) then this should be a https URL. Examples:


   https://mnementh.csi.cam.ac.uk/shibboleth
   http://mnementh.csi.cam.ac.uk/shibboleth
   
   
   https://www.cam.ac.uk/shibboleth
   https://www.cam.ac.uk/shibboleth
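
Review bot: the rewritten sentence "If the site supports https ... then this should be a https URL" ties the entityID's scheme to what the site serves today, which invites a rename later. The page itself says that changing an entityID is difficult and that the URL does not have to resolve to anything, so an SP that picks http:// now and adds https afterwards either keeps a name that no longer follows this rule or has to go through that change. Consider keeping the https: recommendation for newly created entityIDs, or adding a sentence saying the scheme in the name need not track what the site supports. The new text also still reads "perhaps the the service name" and "a https URL".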

Revision as of 13:07, 1 May 2009

Every component of a Shibboleth system has to have a unique name, called an entityID, used to identify it.

If your SP already has an entityID in some other federation then you should use that when configuring and registering an SP to work within the University or UK federation.

If your SP doesn't already have an entityID, create one. It should be a URL based on a DNS name that you control, perhaps the service name under which the SP operates or the host name of the computer operating the web site, followed by '/shibboleth'. If the site supports https (which it will have to if it's ever going to be registered in the UK federation) then this should be an https URL. Examples:

 http://mnementh.csi.cam.ac.uk/shibboleth

 https://www.cam.ac.uk/shibboleth

For preference choose a host name that has a long-term future (at least as long as the corresponding SP) because changing an entityID is difficult. So using a service name (such as www.cam.ac.uk) is preferable to using the name of the underlying host providing a service.

This URL does not have to resolve to anything. It's just a unique name, and a URL is only being used because it provides an easy way to create a unique name using delegated information (host names) that already exists.

There is further information about entityIDs on both the UK federation and the Internet2 websites.