metadata-support - Re: [Metadata-Support] Multiple IdP's in InCommon

Subject: InCommon metadata support

  • From: Nick Roy
  • Subject: Re: [Metadata-Support] Multiple IdP's in InCommon
  • Date: Fri, 26 Jan 2018 19:44:25 +0000

Thanks for this addition, Patrick. I somehow read Azure as ADFS.
Patrick is quite correct about all of this. We are not able to register
Azure as an IdP for these and other reasons.

Best,

Nick

On 1/26/18 12:41 PM, Patrick Radtke wrote:
> Hi Roy,
>
> I believe InCommon requires that your IdP entity ID be from a domain you
> control. 
> AzureAD's entityIds are under https://sts.windows.net/[tenant] and would
> not qualify.
> I don't believe they support editing the IdP entityID.
>
> I believe you would also face issues with the signing keys. AzureAD
> publishes 3 signing keys, and I believe InCommon's UI supports 2.
> We've had a customer experience unexpected SAML key rotation on the free
> tier of AzureAD. If you experienced such an event it may take over a day
> to get your updated keys published and distributed through the federation.
>
> - Patrick
>
> On Fri, Jan 26, 2018 at 8:37 AM, Roy Hatcher wrote:
>
> Greetings,
>
> I'm writing because our institution, University of Arkansas, has
> begun using AzureAD SSO for single sign-on purposes. However, we
> have also been running Shibboleth IDP for years, and want to
> continue to use it, as well, in the near term.
>
> We're currently trying to work with a new Service Provider that
> requires our Metadata be loaded into a federation aggregate,
> however, we would like to configure this SP to work with AzureAD
> rather than Shibboleth.
>
> Logging into Federation Manager, there doesn't appear to be a way to
> allow two different sets of IDP metadata.
>
> Is there a method for allowing both our IDP's metadata to be loaded
> into the InCommon aggregates?
>
> Thank you,
>
> Roy
>
> --
>
> Roy Hatcher
> Security Analyst
> University of Arkansas
>
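
The two constraints raised in this thread (an IdP entityID under a domain the institution controls, and the number of signing keys in the metadata) can be checked locally before attempting registration. This Python check is an added example, not part of the original messages and not InCommon's or Microsoft's code; `example.edu`, the placeholder tenant id and certificates, and the two-key limit (taken from Patrick's "I believe InCommon's UI supports 2") are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def key_descriptor(n):  # builds one signing key for the constructed sample below
    return ('<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>PLACEHOLDER-CERT-{n}</ds:X509Certificate>'
            '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')

# Constructed sample: Azure AD-style entityID with a placeholder tenant id
# and three signing keys, matching the situation described in the thread.
SAMPLE = ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
          'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
          'entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">'
          '<md:IDPSSODescriptor protocolSupportEnumeration='
          '"urn:oasis:names:tc:SAML:2.0:protocol">'
          + "".join(key_descriptor(n) for n in (1, 2, 3)) +
          '</md:IDPSSODescriptor></md:EntityDescriptor>')

def check_idp_metadata(xml_text, controlled_domains, max_signing_keys=2):
    """Return (entity_id, signing_key_count, problems) for one EntityDescriptor."""
    root = ET.fromstring(xml_text)  # trusted local file assumed; not hardened for hostile XML
    entity_id = root.get("entityID", "")
    host = (urlparse(entity_id).hostname or "").lower()
    problems = []
    # Match the exact domain or a subdomain; a bare suffix test would accept "notexample.edu".
    if not any(host == d or host.endswith("." + d) for d in controlled_domains):
        problems.append(f"entityID host {host!r} is not under a controlled domain")
    # A KeyDescriptor with no "use" attribute serves both signing and encryption.
    certs = set()
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            for c in kd.iterfind(".//ds:X509Certificate", NS):
                certs.add("".join((c.text or "").split()))
    if len(certs) > max_signing_keys:
        problems.append(f"{len(certs)} signing keys, limit assumed to be {max_signing_keys}")
    return entity_id, len(certs), problems

if __name__ == "__main__":
    for line in check_idp_metadata(SAMPLE, ["example.edu"])[2]:
        print("PROBLEM:", line)
```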


