Create a Service Provider (SP) connection
To create a Service Provider (SP) connection, complete the following steps.
1. On the IDP Configuration page, select SP Connections, and click Create New.
2. On the Connection Type tab, select Browser SSO Profiles to specify the SAML 2.0 protocol.
3. On the Connection Options tab, select Browser SSO and click Next.
4. On the Metadata URL tab, import the metadata file (metadata.xml) that you have downloaded from Shibboleth.
5. Verify the information in the General Info section and click Next. This information is imported from the metadata.xml file from Shibboleth (see step 4).
6. On the Browser SSO tab, click Configure Browser SSO.
a. In SAML Profiles, select SP-Initiated SSO.
b. In Assertion lifetime, click Configure Assertion Creation.
7. Under Protocol Settings, in the Assertion Consumer Service URL section, add the following endpoints:
URL:/Shibboleth.sso/SAML2/POST
URL:/Shibboleth.sso/SAML2/Artifact
URL:/Shibboleth.sso/SAML2/ECP
8. On the Credentials tab, click Configure Credentials.
a. In the Inbound Authentication Type section, set the Authentication Type to Digital Signature (Browser SSO profile only).
b. In the Digital Signature Settings section, under Selected Certificate, import the relevant certificate file.
9. In the Signature Verification section, complete the following:
a. Set Trusted Model to unanchored.
b. In the Signature Verification Certificate, import the appropriate certificate.
c. For Select XML Encryption Certificate, select the appropriate certificate from the drop-down list.
10. To confirm that the new service provider is active, on the Activation & Summary tab, check that the Connection Status radio button is set to Active.
11. Click Done to save your changes.
12. Export the metadata.xml file and keep it in the folder where Shibboleth2.xml exists. Rename it to WQS_idp_metadata.xml, which is the same as the name that you have mentioned in Shibboleth2.xml. (See step 2e of Configuring Shibboleth.)
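
The check in step 5 can be scripted before the metadata.xml from step 4 is imported. The following is an added example, not part of the original procedure or of any product's tooling: it parses Shibboleth SP metadata, reports which of the step 7 endpoints are missing, flags Assertion Consumer Service URLs that are not HTTPS, and prints a SHA-256 fingerprint of each embedded certificate to compare with the certificates imported in steps 8 and 9. The host sp.example.org, the entity ID and the certificate bytes are constructed sample values, and the function name is hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# ACS paths listed in step 7 of the procedure.
EXPECTED_ACS = ("/Shibboleth.sso/SAML2/POST",
                "/Shibboleth.sso/SAML2/Artifact",
                "/Shibboleth.sso/SAML2/ECP")
# Constructed sample metadata: placeholder certificate bytes, no ECP endpoint,
# and an Artifact endpoint that is (wrongly) plain HTTP.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org/shibboleth">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>Y29uc3RydWN0ZWQ=</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService index="1"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
  <md:AssertionConsumerService index="2"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
      Location="http://sp.example.org/Shibboleth.sso/SAML2/Artifact"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def check_sp_metadata(xml_text):
    """Summarise what the IdP will import from the SP metadata."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    locations = [acs.get("Location", "")
                 for acs in sp.findall("md:AssertionConsumerService", NS)]
    certs = {}
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is None or not cert.text:
            continue
        der = base64.b64decode("".join(cert.text.split()))
        # A KeyDescriptor without "use" serves both signing and encryption.
        use = kd.get("use", "signing+encryption")
        certs.setdefault(use, []).append(hashlib.sha256(der).hexdigest())
    return {
        "entity_id": root.get("entityID"),
        "missing_acs": [p for p in EXPECTED_ACS
                        if not any(loc.endswith(p) for loc in locations)],
        "insecure_acs": [l for l in locations if not l.startswith("https://")],
        "cert_sha256": certs,
    }
```

Run it against the metadata file downloaded from your own SP; a non-empty missing_acs or insecure_acs list is worth resolving on the Shibboleth side before the connection is activated in step 10.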