Choosing EntityIDs

From RavenWiki
m (jw35 moved page EntityIDs to Choosing EntityIDs)
Latest revision as of 11:41, 3 March 2020

We're working on improving Raven resources for developers and site operators.

Try out the new Raven documentation for size.

Every component of a Shibboleth system has to have a unique name, called an entityID, used to identify it.

If your SP already has an entityID in some other federation then you should use that when configuring and registering an SP to work within the University or UK federation.

If your SP doesn't already have an entityID, create one. A recommended default is to use a URL based on the DNS name under which the SP operates, followed by '/shibboleth'. Failing that, use some other URL based on a hostname that you control, but remember that each entity needs a unique name, so don't use any name more than once. Try to use a hostname that has a long-term future, since changing entityIDs can be disruptive. If the site supports https (which it will have to if it's ever going to be registered in the UK federation) then this should be an https URL. Examples:

 https://shib.raven.cam.ac.uk/shibboleth  
 http://mnementh.csi.cam.ac.uk/shibboleth

(the first of these is actually the entityID of the Shibboleth identity provider provided by Raven).

For preference choose a host name that has a long-term future (at least as long as the corresponding SP) because changing an entityID is difficult. So using a service name (such as www.cam.ac.uk) is preferable to using the name of the underlying host providing a service.

This URL does not have to resolve to anything. It's just a unique name, and a URL is only being used because it provides an easy way to create a unique name using delegated information (host names) that already exists.

There is further information about entityIDs on both the UK federation and the Internet2 websites.
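
A lint check for a proposed SP entityID against the guidance above, as an added example that is not part of the original wiki page. The function name, the `controlled_suffixes` parameter (a stand-in for "a hostname that you control") and the sample values in the demo are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlsplit

RECOMMENDED_PATH = "/shibboleth"  # the default suffix recommended on this page


def check_entity_id(candidate, existing_ids, controlled_suffixes):
    """Return a list of (severity, message) findings for a proposed entityID.

    existing_ids: entityIDs already in use by other entities.
    controlled_suffixes: DNS suffixes the operator controls (assumption of
    this example; the page only says "a hostname that you control").
    """
    url = urlsplit(candidate)
    host = (url.hostname or "").lower()
    if url.scheme not in ("http", "https") or not host:
        return [("error", "not an absolute http(s) URL with a hostname")]

    findings = []
    # An entityID is a name, so uniqueness is an exact string comparison.
    if candidate in existing_ids:
        findings.append(("error", "entityID is already in use"))
    try:
        ipaddress.ip_address(host)
        findings.append(("error", "host is an IP address, not a DNS name"))
    except ValueError:
        # Match whole DNS labels only: 'notcam.ac.uk' is not under 'cam.ac.uk'.
        if not any(host == s or host.endswith("." + s)
                   for s in controlled_suffixes):
            findings.append(("error", "hostname is outside domains you control"))
    if url.scheme != "https":
        findings.append(("warn", "not https: needed for UK federation registration"))
    if url.path != RECOMMENDED_PATH or url.query or url.fragment:
        findings.append(("info", "does not follow the '<host>/shibboleth' default"))
    return findings


if __name__ == "__main__":
    # Constructed sample data: one entityID already taken, one controlled suffix.
    taken = {"https://shib.raven.cam.ac.uk/shibboleth"}
    for cand in ("https://www.cam.ac.uk/shibboleth",
                 "http://mnementh.csi.cam.ac.uk/shibboleth",
                 "https://shib.raven.cam.ac.uk/shibboleth",
                 "https://192.0.2.10/sp"):
        print(cand, check_entity_id(cand, taken, ("cam.ac.uk",)))
```

The check cannot tell whether a hostname has a long-term future; that remains a judgement for the operator.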