
I'm configuring Keystone (as SP) for federation, and I have a question about the Shibboleth setup [1]. I need to edit the shibboleth2.xml file and add the SP entity ID:

<ApplicationDefaults entityID="http://mysp.example.com/shibboleth">

In my case, it would be:

<ApplicationDefaults entityID="http://10.7.49.47:5000/shibboleth">

I don't know if this is the right value. When I try to access 10.7.49.47:5000/v3/OS-FEDERATION/identity_providers/myidp/protocols/mapped/auth, I receive the error:

Unable to locate metadata for 'http://10.7.49.47:5000/shibboleth'

I want to understand better how Shibboleth works with Keystone, and how to get this Keystone SP entityID. I don't know if I need to configure something to make '/shibboleth' work. I need to get this entityID to configure my IdP SimpleSamlPHP, and add the SP there [2].

[1] https://docs.openstack.org/developer/keystone/federation/shibboleth.html

[2] https://simplesamlphp.org/docs/1.5/simplesamlphp-idp#section_5

1 Answer


One: I recommend you use HTTPS to connect with Shibboleth. If that is your case, then ignore this.

Two: the entityID does not need to match your host or IP. So if you want, you can ignore the port in the entityID. You can use any string for that matter.

Now, to answer your question: see this answer of mine for the steps to integrate Shibboleth. Though these are steps for a Java application, it is mostly done in Apache HTTP, so it is relevant to anybody.

See step 3 from that post; that is where your Apache server knows which location to protect.

P.S. The path your application listens on is /Shibboleth.sso/, not /shibboleth

Akshay
  • I can download the metadata from https://mywebsitehost.com/Shibboleth.sso/Metadata. But when I try /v3/OS-FEDERATION/identity_providers/myidp/protocols/mapped/auth, I received: Metadata not found. Unable to locate metadata for 'http://10.7.49.47:5000/shibboleth'. And I need the SP entityID to set up my IdP SimpleSamlPHP. This is my big problem: where can I find the Keystone SP entityID? – Gabriela Cavalcante Mar 10 '17 at 14:58
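
An added example, not code from the question, the answer or the Keystone documentation: a check that reads the entityID set on `<ApplicationDefaults>` in shibboleth2.xml, reads the entityID and AssertionConsumerService URLs from the SP metadata document served at /Shibboleth.sso/Metadata, and reports a mismatch or any non-HTTPS endpoint. The function names are hypothetical, both XML samples are constructed, and it assumes the metadata document has a single `EntityDescriptor` root.

```python
import xml.etree.ElementTree as ET  # inputs are your own local SP files, not untrusted XML

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed samples: a minimal shibboleth2.xml and the SP metadata it would publish.
SHIB2_XML = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="http://10.7.49.47:5000/shibboleth"/>
</SPConfig>"""

SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://10.7.49.47:5000/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://10.7.49.47:5000/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def configured_entity_id(shib2_xml):
    """Return the entityID attribute of <ApplicationDefaults> (any config namespace)."""
    for node in ET.fromstring(shib2_xml).iter():
        if node.tag.rsplit("}", 1)[-1] == "ApplicationDefaults":
            return node.get("entityID")
    raise ValueError("no <ApplicationDefaults> element found")


def published_sp(metadata_xml):
    """Return (entityID, [ACS locations]) from the SP's SAML metadata."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("expected a single <EntityDescriptor> document")
    acs = [e.get("Location") for e in root.iter(f"{{{MD_NS}}}AssertionConsumerService")]
    return root.get("entityID"), acs


def check(shib2_xml, metadata_xml):
    """Return (entityID to register at the IdP, list of findings)."""
    configured = configured_entity_id(shib2_xml)
    published, acs = published_sp(metadata_xml)
    findings = []
    if configured != published:  # entityIDs are compared as exact strings
        findings.append(f"entityID mismatch: {configured!r} vs {published!r}")
    findings += [f"ACS endpoint not HTTPS: {u}" for u in acs
                 if not u.lower().startswith("https://")]
    return published, findings
```

The first value returned is the string to register for this SP on the IdP side, character for character.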