Table of Contents 1. Overview
Configure Cirrus Proxy Connector for an Additional IdP
Step 1 - Configure SAML Application
Step 2 - Provide Metadata to Cirrus
Step 3 - Add the Additional IdP to Discovery
Overview
This document outlines the steps required to configure a Cirrus Proxy Connector for customer service providers. In this use case you need to integrate your proxy with an additional identity provider (IdP) that is not in InCommon or eduGAIN. You will need to coordinate communication with the owner of that IdP.
First, the owner of the additional IdP will create a new SAML integration in their primary identity provider with the Proxy Connector as the service provider. Your Cirrus Technical Implementation Lead will provide you with the values specific to your Proxy Connector and you will provide this information to the owner of the IdP to configure the SAML Application and send you the metadata. You will then send this metadata back to Cirrus and we will load it. Once it is loaded, you will coordinate testing and troubleshooting for that IdP with the IdP owner.
Step 1 - Configure SAML Application
Add Application
In this step, you will work with the additional IdP owner to add the Service Provider configuration. Your Technical Implementation Lead will provide you with the following information specific to your proxy connector.
- Metadata url
- SP Entity ID (Audience URI)
- Single Sign-On/SAML ACS URL
- Single Logout URL
For identity providers that accept metadata, you should just need the metadata. For others, you may need to manually configure and add the information above.
Configure Attributes
Next you will add attributes. The list of attributes will be customized to what is needed for your proxy setup and the requirements of the additional identity provider.
Step 2 - Provide Metadata to Cirrus
Once the additional IdP owner provides the metadata url for the SAML Application created in the previous step, please send it to your Technical Implementation Lead or support@cirrusidentity.com. We will then load the metadata.
Step 3 - Add the Additional IdP to Discovery
Now that the metadata has been loaded, you will now add the additional IdP to the discovery screen for your proxy. See the ‘Configuring Identity Providers’ section of the Cirrus Discovery Documentation.
Test the Integration
Once the additional IdP is available on the proxy discovery screen, you can now test your integration. Please try logging into a service provider with the additional IdP. you run into any issues, please generate a SAML Trace and send to your Technical Implementation Lead.
Blog comments