Using custom SP for SAML2.0

Ricky Han

Apr 11, 2017, 5:46:02 PM
to CAS Community
Hello,

I need to integrate an external SP with my IdP setup. They use PingFederate as their SP. I already have testShib working and need to integrate another company with their metadata. Any ideas?

Thanks in advance,
Ricky

Here is the configuration I have for IdP:


cas.authn.samlIdp.entityId=https://idp.nxtstp.com:8443/cas/idp
cas.authn.samlIdp.hostName=idp.nxtstp.com:8443
cas.authn.samlIdp.scope=idp.nxtstp.com

cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
cas.authn.samlIdp.metadata.failFast=true
cas.authn.samlIdp.metadata.location=/etc/cas/saml
cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
cas.authn.samlIdp.metadata.requireValidMetadata=true

cas.authn.samlIdp.metadata.basicAuthnUsername=
cas.authn.samlIdp.metadata.basicAuthnPassword=
cas.authn.samlIdp.metadata.supportedContentTypes=

cas.authn.samlIdp.logout.forceSignedLogoutRequests=true
cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false

cas.authn.samlIdp.response.skewAllowance=0
cas.authn.samlIdp.response.signError=false
cas.authn.samlIdp.response.overrideSignatureCanonicalizationAlgorithm=
cas.authn.samlIdp.response.useAttributeFriendlyName=true



cas.samlSP.testShib.description=TestShib Integration
cas.samlSP.testShib.attributes=eduPersonPrincipalName

<- wrong
cas.samlSP.officedepot.metadata=/etc/cas/saml/officedepot.xml
cas.samlSP.officedepot.description=OfficeDepot Integration
cas.samlSP.officedepot.attributes=eduPersonPrincipalName
cas.samlSP.officedepot.attributes=emailAddress



john.sebert

Apr 28, 2017, 4:10:54 PM
to CAS Community, ricky...@gmail.com
I would be interested in the steps you took to get the TestShib working.

I've tried everything I can think of for setting up CAS as an IdP for TestShib and I get authentication to work but the attribute release doesn't map the attributes to attributes that TestShib understands.