Please follow the steps below to connect your test application to the Shibboleth Test Environment.

Step 1: Determine what type of SAML product you are running

Depending on how you integrate with Shibboleth, the steps for configuration will be different. Typically home grown applications run the Shibboleth Service Provider. Most cloud vendors or SaaS solutions will implement the SAML protocol separately.

Note: Please only perform this in your application test environment and not in production. These changes will only work if your test application is already configured with UCI's Shibboleth IDP. Please complete a Shibboleth Configuration Request if you would like to register your test application.

Check for existence of Shibboleth SP software

To determine if your application is running the Shibboleth SP, please performing the following:

Linux

Does the default install directory /etc/shibboleth exist?
Is the shibd process running?

If the answer is yes to both, please move own to Option 1. If not, please move to Option 2.

Windows

Does the default install directory C:\opt\shibboleth-sp\etc\shibboleth exist?
Does the Shibboleth SP appear in your Services Management Window?

If the answer is yes to both, please move own to Option 1. If not, please move to Option 2

Step 2: Configuring your SAML SP

Option 1: Shibboleth SP Software

Download the Shibboleth Test Environment Metadata

Download the Shibboleth Test Metadata and place it in your shibboleth home directory (/etc/shibboleth or C:\opt\shibboleth-sp\etc\shibboleth).

Update the entityID configuration in your shibboleth2.xml

In your shibboleth2.xml, which is located in your shibboleth home directory there should be a section that looks similar to the below.

            <SSO entityID="urn:mace:incommon:uci.edu">
              SAML2
            </SSO>

If the value of entityID is not "urn:mace:incommon:uci.edu" please go ahead and update that value.

Update the metadata configuration in your shibboleth2.xml

In your shibboleth2.xml, which is located in your shibboleth home directory there should be a section that looks similar to the below.

        <MetadataProvider type="XML" validate="true"
                    url="http://md.incommon.org/InCommon/InCommon-metadata-idp-only.xml"
              backingFilePath="InCommon-metadata-idp-only.xml" maxRefreshDelay="7200">
            <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
            <MetadataFilter type="Signature" certificate="inc-md-cert.pem" verifyBackup="false"/>
            <DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true"
              attributeName="http://macedir.org/entity-category"
              attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
              attributeValue="http://refeds.org/category/hide-from-discovery" />
        </MetadataProvider>

Comment the code block out and add the following and save your file

        <MetadataProvider type="XML" validate="true" path="metadata.xml"/>

Restart Shibboleth

Restart your Shibboleth process

Test your application

Navigate to your test application and attempt to login. You should be at https://login2.uci.edu.

Option 2: Configuring your Cloud/SaaS product using SAML

Please note that these steps are generic as all Cloud/SaaS solution configurations are slightly different.

Update your entityID

If the value of entityID is not "urn:mace:incommon:uci.edu" please go ahead and update that value.

Update your Shibboleth Metadata

Download the Shibboleth Test Metadata and replace the existing metadata file in your Cloud/SaaS SAML configuration.

Update your endpoints

If your Cloud/SaaS SAML configuration has references to https://shib.service.uci.edu/idp/profile/SAML2/POST/SSO or https://shib.service.uci.edu/idp/profile/SAML2/Redirect/SSO, please replace them with https://shib-staging.service.uci.edu/idp/profile/SAML2/POST/SSO or https://shib-staging.service.uci.edu/idp/profile/SAML2/Redirect/SSO

Test your application

Navigate to your test application and attempt to login. You should be at https://login2.uci.edu.

Browser not supported