skip to main content


TAMUFederation Service Provider Deployment Guide

To ensure TAMUFederation members can also participate in InCommon, TAMUFederation recommendations mirror those adopted by InCommon as much as possible.

Recommended server configurations for Service Providers (SPs):

provider ID (entityID)

Each distinct Service Provider being deployed must possess a unique identifier, called a provider ID. This is analogous to the identifiers issued to Identity Providers and is in the form of a URI.

TAMUFederation accepts unique provider IDs from participant Service Providers. contains information that should be considered when selecting a provider ID.

Example SP Config XML

The following are example SP configuration files:


You may use a certificate from any Certificate Authority (CA). If you wish to obtain a certificate from the TAMUFederation CA, please send the following information to

  • a Certificate Signing Request (CSR) with o = Texas A and M University
  • Technical Contact name and email address

CSRs will be processed and e-mailed to the Technical Contact. The certificate will be in PEM format.

SP metadata

After installing a new Service Provider, use the URL http://localhost/Shibboleth.sso/Metadata on your Service Provider to automatically generate your metadata. For details on generating metadata, please visit

Shibboleth 2.0 and later versions of Shibboleth support metadata in the format defined by the SAML 2.0 specification. The relevant specifications can be found in:

An example document for a Service Provider might consist of the following:

   <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol>"
          <idpdisc:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
          <idpdisc:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
                   [base64-encoded certificate used by SP]
      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
      <OrganizationName xml:lang="en">Texas A and M University</OrganizationName>
      <OrganizationDisplayName xml:lang="en">TAMU SP</OrganizationDisplayName>
      <OrganizationURL xml:lang="en"></OrganizationURL>
   <ContactPerson contactType="technical">

For additional information or questions about the technical requirements for TAMUFederation please send mail to: