Integrate Shibboleth SP with an IdP

You will need to establish trust between your Shibboleth SP and a remote identity provider. The identity provider is where your users will be authenticating. Once a user successfully authenticates, he will be sent back to the SP along with a SAML response that contains information about the user as SAML attributes.

Obtain the IdP’s metadata reference it using a <MetadataProvider> in the /etc/shibboleth/shibboleth2.xml. See here for more information.

Request that the IdP release at least three attributes:

  1. A username attribute that can be used as the Joomla username
  2. An email address corresponding to the username
  3. A fullname

The IdP will release the above attributes with certain SAML attribute names. You will need to ensure that the attribute names match the ones mapped in the /etc/shibboleth/attribute-map.xml. See here for more information.

The IdP will also need the SP’s metadata. You can download a generated one by going to http://mysp.example.com/Shibboleth.sso/Metadata. However, you may need to adjust the contents of the generated metadata before you hand it over to the IdP. See here for more information.