Shibboleth Service Provider Configuration Resources

This document provides the resources necessary for setting up a Shibboleth Service Provider (SP).

Request Form and Windows Configuration

If your department or unit has a web resource that you wish to offer to people at another institution, ask your departmental or unit IT staff to fill out the Shibboleth Configuration Request form.

Installation and configuration instructions are available for Windows servers in the document How to Set Up a Shibboleth 2.X Service Provider on Windows and IIS.

Federation Membership

The University of Michigan is a member of the InCommon Federation.

Available Attributes

The attributes released in Shibboleth SP configurations are detailed in U-M Shibboleth Attribute Release Policy and Procedure. If your SP will require additional attributes, please submit the Shibboleth Attribute Release Form.

Test Environment Resources

U-M requires that testing be completed before your Shibboleth configuration is implemented.

The test metadata is available here:
https://shibboleth.umich.edu/md/UMich-TEST-metadata.xml

The umwebCA certificate will need to be installed in order for your SP to be able to use the metadata. That certificate is available here:
http://www.umich.edu/~umweb/umwebCA.pem

In addition, the entityID must be included in the SP configuration, and the ID for the test environment is:
https://shib-idp-test.www.umich.edu/idp/shibboleth

The test environment also has login and logout URLs that may need to be added to your SP, depending on the configuration.

The value after the ? tells the service which page to redirect to upon logout. The logout configuration is limited to sites within the umich.edu domain, so http://www.umich.edu is used as the example here. A landing page for your service, put up by the organization or department hosting the service, can also be used. For example, http://example.umich.edu/serviceoffered

Production Environment Resources

After testing is complete, your Shibboleth installation is ready to be configured for the production environment.

The entityID must be included in the SP configuration, and the ID for the production environment is:
https://shibboleth.umich.edu/idp/shibboleth

The production environment will require production environment metadata, which is available here:
https://shibboleth.umich.edu/md/UMich-metadata.xml

Be sure that the umwebCA certificate is also installed on your machine:
http://www.umich.edu/~umweb/umwebCA.pem

The production environment also has login and logout URLs that may need to be added to your SP, depending on the configuration.

The value after the ? tells the service which page to redirect to upon logout. The logout configuration is limited to sites within the umich.edu domain, so http://www.umich.edu is used as the example here. A landing page for your service, put up by the organization or department hosting the service, can also be used. For example, http://example.umich.edu/serviceoffered
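
A check to run before deploying, for the logout return value described in both the test and production sections above. This is an added example, not U-M's or the Shibboleth project's code. It assumes "within the umich.edu domain" means the host is umich.edu or a subdomain of it; the function names and every sample URL other than the two quoted from this page are constructed.

```python
from urllib.parse import urlsplit

ALLOWED_DOMAIN = "umich.edu"  # from the page: logout targets must be within this domain


def is_allowed_logout_return(url, allowed_domain=ALLOWED_DOMAIN):
    """True if url is an absolute http(s) URL whose host is allowed_domain
    or a subdomain of it (assumed reading of "within the domain")."""
    if not isinstance(url, str) or url != url.strip():
        return False
    # Backslashes and control characters are parsed differently by browsers
    # and by URL libraries, so refuse them outright.
    if any(c == "\\" or ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname  # already lower-cased by urlsplit
        parts.port             # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    # "trusted@other-host" style URLs put the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return False
    # Require a label boundary: exact match or a ".umich.edu" suffix.
    return host == allowed_domain or host.endswith("." + allowed_domain)


def audit(urls):
    """Split candidate return URLs into accepted and rejected lists."""
    result = {"accepted": [], "rejected": []}
    for u in urls:
        key = "accepted" if is_allowed_logout_return(u) else "rejected"
        result[key].append(u)
    return result


if __name__ == "__main__":
    # Constructed sample values; the first two are the examples from this page.
    samples = [
        "http://www.umich.edu",
        "http://example.umich.edu/serviceoffered",
        "http://www.umich.edu.example.net/",   # suffix in the wrong place
        "http://notumich.edu/",                # no label boundary
        "http://www.umich.edu@example.net/",   # trusted name in userinfo
        "//www.umich.edu/path",                # scheme-relative
    ]
    for bucket, items in audit(samples).items():
        print(bucket, items)
```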

Last Updated: Friday, April 7, 2017