Australian Access Federation Support Desk

How to verify the entity ID for your IdP

by Dean Nottingham

All federation metadata for the Australian Access Federation is managed using Federation Registry.  Note that there is one Federation Registry for the production federation and one Federation Registry for the test federation.  The two federations are completely separate.  You can access Federation Registry here:

https://manager.aaf.edu.au/federationregistry/ - Production

https://manager.test.aaf.edu.au/federationregistry/ - Test

Once you have logged in, click on the IdP/SP that you are concerned with.  The Overview tab contains the core information about your IdP/SP.  The Entity Descriptor is also known as the SAML entity ID.  This value must match the configuration for your identity provider or service provider.

An example entity ID for a Shibboleth identity provider might look like:

https://idp.example.org/idp/shibboleth

An example entity ID for a Shibboleth service provider might look like:

https://sp.example.org/shibboleth

For a Shibboleth identity provider, the entity ID attribute is defined in the config file relying-party.xml under the elements <rp:DefaultRelyingParty> and <rp:AnonymousRelyingParty> as well as in attribute-resolver.xml under the <resolver:DataConnector> element.

For a Shibboleth service provider, the entity ID attribute is defined in the config file shibboleth2.xml under the <ApplicationDefaults> element.

The entity ID in the federation metadata MUST match the entity ID in your local configuration, otherwise federation endpoints will not be able to identify and reference your IdP/SP.
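A local check of this match, as an added example that is not part of the original article or of any AAF tooling: it reads the text of a Shibboleth configuration file and reports every entity ID that differs from the value shown in Federation Registry. It assumes the entityID attribute on <ApplicationDefaults> (shibboleth2.xml) and the provider attribute on the two relying-party elements (relying-party.xml, IdP 2.x layout); the sample XML is constructed, and the comparison is an exact string match, so a difference in case, scheme or trailing slash is reported.

```python
import xml.etree.ElementTree as ET

# Element local name -> attribute carrying the entity ID (assumed layout:
# SP shibboleth2.xml and IdP 2.x relying-party.xml).
ENTITY_ID_ATTRS = {
    "ApplicationDefaults": "entityID",
    "DefaultRelyingParty": "provider",
    "AnonymousRelyingParty": "provider",
}

def local_entity_ids(xml_text):
    """Return [(element name, entity ID)] for each declaration in the config."""
    found = []
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any
        attr = ENTITY_ID_ATTRS.get(name)
        if attr and el.get(attr) is not None:
            found.append((name, el.get(attr)))
    return found

def check_entity_id(xml_text, registered):
    """Return the declarations that do not exactly equal the registered ID."""
    ids = local_entity_ids(xml_text)
    if not ids:
        raise ValueError("no entity ID found in configuration")
    return [(name, value) for name, value in ids if value != registered]

# Constructed samples: the IdP file has a trailing slash on one element only.
SAMPLE_IDP = """<rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party">
  <rp:AnonymousRelyingParty provider="https://idp.example.org/idp/shibboleth/"/>
  <rp:DefaultRelyingParty provider="https://idp.example.org/idp/shibboleth"/>
</rp:RelyingPartyGroup>"""
SAMPLE_SP = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth"/>
</SPConfig>"""

if __name__ == "__main__":
    checks = [(SAMPLE_IDP, "https://idp.example.org/idp/shibboleth"),
              (SAMPLE_SP, "https://sp.example.org/shibboleth")]
    for xml_text, registered in checks:
        bad = check_entity_id(xml_text, registered)
        print(registered, "OK" if not bad else f"MISMATCH: {bad}")
```

To check a real file, pass its contents and the Entity Descriptor value copied from the Overview tab to check_entity_id.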

Note that, if you want to change an entity ID on the Federation Registry side, you cannot do this as a normal user.  You will have to log a support call for a Federation Registry administrator to action this for you.
