
Getting Started with SAML at Stanford

If you are managing an application and would like to use Stanford's SAML Identity Provider (IdP) for authentication, this page will help you get started. Your application is called a "Service Provider" (SP). Stanford's IdP provides authentication and user data to registered Service Providers.


  1. The Service Provider (SP) must provide information about itself in the form of an XML string. This string is also called the SP's metadata. Generating this XML string will depend on the SP software, but if you are using Shibboleth as your SP software the metadata is typically available at the URL ending with "Shibboleth.sso/Metadata".
  2. This metadata contains several pieces of configuration, including your SP's "entityID", a unique identifier. It should also include an X509 certificate that the Stanford IdP will use to encrypt information sent back to your SP. This certificate should be self-signed and valid for at least five years.
  3. Once you have your metadata string, submit it via the SPDB configuration web site. After your metadata has been submitted, your SP will be able to use Stanford's IdP for authentication.
  4. The Stanford IdP releases a basic set of attributes to all registered SPs. If you need additional attributes not included in this basic set, you will need to file a Data Owner Approval request for the additional attributes.
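Before submitting metadata to SPDB it is worth checking that the XML actually carries what steps 1 and 2 require: an entityID, at least one AssertionConsumerService endpoint, and an X509 certificate the IdP can use for encryption (a KeyDescriptor marked use="signing" only is not enough). The following checker is an added example, not Stanford's or Shibboleth's own code; the example.edu URLs and the certificate text are constructed placeholders.

```python
"""Pre-submission sanity check for SAML 2.0 SP metadata (added example)."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: signing-only KeyDescriptor, so no encryption certificate.
# "MIIC...signing" stands in for a real base64 certificate body (placeholder).
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.edu/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC...signing</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.edu/Shibboleth.sso/SAML2/POST" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def check_sp_metadata(xml_text: str) -> dict:
    """Return entityID, ACS count, encryption-capable certs and a list of problems."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        problems.append("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        problems.append("missing entityID")
    sp = root.find("md:SPSSODescriptor", NS)
    acs = [] if sp is None else sp.findall("md:AssertionConsumerService", NS)
    if sp is None:
        problems.append("missing SPSSODescriptor")
    elif not acs:
        problems.append("no AssertionConsumerService endpoint")
    # A KeyDescriptor with no 'use' attribute serves both signing and encryption;
    # use="signing" alone gives the IdP nothing to encrypt to.
    enc_certs = []
    for kd in ([] if sp is None else sp.findall("md:KeyDescriptor", NS)):
        if kd.get("use") in (None, "encryption"):
            for cert in kd.findall(".//ds:X509Certificate", NS):
                enc_certs.append("".join((cert.text or "").split()))
    if not enc_certs:
        problems.append("no X509 certificate usable for encryption")
    return {"entity_id": entity_id, "acs_count": len(acs),
            "encryption_certs": enc_certs, "problems": problems}
```

The certificate's self-signed status and five-year validity are not checked here; decode the base64 body and inspect it with `openssl x509 -noout -issuer -subject -dates` before submitting.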

