This is a list of locally maintained Shibboleth Service Providers (SPs). It also includes info for CashNet. CashNet administers their SPs but we are currently maintaining metadata for them.
Updating SP Certificates
Shibboleth ignores certificate expiration dates. As such, there's no need to update SP certs when they expire. In the past, the IdP used Apache to do certificate validation on back-channel AA queries, requiring us to keep certificates up to date. This is no longer the case as of June 2010, when we upgraded our IdP to 2.1.5.
In most cases, the SP's cert and key files will live at the SP root in the directory
etc/shibboleth. The certificate is
sp-cert.pem and the key is
sp-key.pem. These files may be symbolic links, particularly keys, which are typically housed in
/etc/umbc. Use caution if you're updating a key on multiple load-balanced hosts.
To generate a new cert and key, you can use the script
keygen.bat on Windows-based SPs). The CN of the cert needs to match the hostname of the web server, so for example, you may need to do
After generating a new cert, you will need to update the SP's metadata. For instructions on how to do this, see Configuring certificates and metadata for a local Shibboleth SP or contact your friendly Shibboleth administrator.