Integrate Shibboleth SP with an IdP
You will need to establish trust between your Shibboleth SP and a remote identity provider. The identity provider is where your users will be authenticating. Once a user successfully authenticates, he will be sent back to the SP along with a SAML response that contains information about the user as SAML attributes.
Obtain the IdP’s metadata and reference it using a
<MetadataProvider> in the /etc/shibboleth/shibboleth2.xml. See here for more information.
Request that the IdP release at least three attributes:
- A username attribute that can be used as the Joomla username
- An email address corresponding to the username
- A fullname
The IdP will release the above attributes with certain SAML attribute names. You will need to ensure that the attribute names match the ones mapped in the /etc/shibboleth/attribute-map.xml. See here for more information.
The IdP will also need the SP’s metadata. You can download a generated one by going to http://mysp.example.com/Shibboleth.sso/Metadata. However, you may need to adjust the contents of the generated metadata before you hand it over to the IdP. See here for more information.