Forums

The high-level API web forms and MVC example identity providers demonstrate SP initiated single sign-on with Shibboleth.
The following sections describe the configuration for the Web Forms identity service provider but, with the appropriate changes, apply equally to the MVC example identity provider.
Refer to the following topic for instructions on installing and configuring the Web Forms and MVC example identity providers.
http://www.componentspace.com/Forums/48/Example-SAML-Identity-Provider-and-Service-Provider

Configuring the Identity Provider
The saml.config file identifies the local identity provider. This must match with the entity ID specified in the metadata uploaded to Shibboleth.
<IdentityProvider Name="https://test.componentspace.com"/>

 The saml.config file includes the following entry for the Shibboleth partner service provider.
<PartnerServiceProvider Name="https://sp.testshib.org/shibboleth-sp"
                        WantAuthnRequestSigned="false"
                        SignResponse="true"
                        SignAssertion="false"
                        EncryptAssertion="false"
                        AssertionConsumerServiceURL="https://sp.testshib.org/Shibboleth.sso/SAML2/POST"/>

Configuring the Service Provider
The saml.config file identifies the local service provider. This must match with the entity ID specified in the metadata uploaded to Shibboleth.
<ServiceProvider Name="https://test.componentspace.com"/>
 
The saml.config file includes the following entry for the Shibboleth partner service provider.
<PartnerIdentityProvider Name="https://idp.testshib.org/idp/shibboleth"
                         SignAuthnRequest="true"
                         WantResponseSigned="true"
                         WantAssertionSigned="false"
                         WantAssertionEncrypted="false"
                         UseEmbeddedCertificate="true"                               
                         SingleSignOnServiceUrl="https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO"/>
 
The web.config file identifies the partner identity provider. This must specify the Shibboleth identity provider.
<add key="PartnerIdP" value="https://idp.testshib.org/idp/shibboleth"/>

Configuring Shibboleth
The supplied ComponentSpaceMetadata.xml includes metadata for the example identity provider and the example service provider. The entity ID must uniquely identify your organization. The URLs must be modified to match your configuration.
The metadata to modify may be found at C:\Program Files (x86)\ComponentSpace SAML v2.0 for .NET\Examples\Metadata\Template.
Once the metadata has been updated, navigate to:
https://www.testshib.org/testshib-two/index.jsp
Click the Register button and upload your SAML metadata.

 

 
Confirm that the metadata has been uploaded successfully.

 
  
Metadata for Shibboleth and other entities may be found at:
http://www.testshib.org/metadata/testshib-two-metadata.xml  

Running Shibboleth with SSO – Example Identity Provider
Browse to:
https://sp.testshib.org/ 
Specify the entity ID you defined in your metadata. This entity ID is used as a key by Shibboleth to retrieve the correct metadata.


 

Login and you should be returned to Shibboleth.
https://sp.testshib.org/testing/sample.jsp 
This means you’ve successfully completed a SAML v2.0 SSO and are logged in at Shibboleth with your identity provider user name.



Running Shibboleth with SSO – Example Service Provider
Browse to the example service provider URL:
For example:
https://test.componentspace.com/ExampleServiceProvider