Most Commonly Requested IdP Data
When we onboard a new SAML service provider (SP), the SP will often ask for specific pieces of information about our IdP. These are the answers to give for the most commonly requested data:
IdP Metadata: give them the link, or download the file and send it to them: metadata-shib-idp-ncsufed.xml
IdP EntityID, or Issuer:
https://shib.ncsu.edu/idp/shibboleth
IdP Signing Certificate: give them the link, or download the file and send it to them: shib-idp.crt or shib-idp-crt.txt
IdP Login URL: This will be one of these two, depending on how they send login requests. If one is refused by our IdP, try the other one:
- Redirected GET request:
https://shib.ncsu.edu/idp/profile/SAML2/Redirect/SSO
- POST request:
https://shib.ncsu.edu/idp/profile/SAML2/POST/SSO
Note that this assumes they are not using the InCommon federation. If they are, they should be getting our metadata from the federation, and they should use our InCommon IdP EntityID, which is:
urn:mace:incommon:ncsu.edu
NCSU Shibboleth Federation Files
NCSU Federation Metadata
metadata.xml - NCSU Federation metadata file: SPs should be configured to download this file periodically from this link's URL.
ncsu_federation.pem - NCSU Federation signing certificate: Download this file to verify the signature on the metadata file. (Certificate expires 2029)
Docs: How to load NCSU Federation Metadata - Explains one way to configure an SP to download and verify the NCSU Federation metadata.
IdP Metadata Files
Each of these files contains the metadata for one of our IdPs. The production IdP provides a different metadata file for each federation where it is a member. InCommon uses a different entityID. UNC Identity Federation and NCSU Federation use the same entityID, but have slightly different descriptive information.
Production IdP Metadata
metadata-shib-idp-incommon.xml - Metadata for the InCommon entityID="urn:mace:incommon:ncsu.edu". (Certificate expires 2029)
metadata-shib-idp-uncprod.xml - Metadata for the UNC Identity Federation entityID="https://shib.ncsu.edu/idp/shibboleth". (Certificate expires 2029)
metadata-shib-idp-ncsufed.xml - Metadata for the NCSU Federation entityID="https://shib.ncsu.edu/idp/shibboleth". (Certificate expires 2029)
metadata-affil-idp.xml - Metadata for the entityID="https://affil.shib.ncsu.edu/idp/shibboleth". This is used for Brickyard Logins (Guest/Affiliates/Parents). (Certificate expires 2029)
Development/Testing IdP Metadata
metadata-idpt1-idp.xml - Metadata for the entityID="https://idpt1.shib.ncsu.edu/idp/shibboleth". (Certificate expires 2029)
metadata-affilt1-idp.xml - Metadata for the entityID="https://affilt1.shib.ncsu.edu/idp/shibboleth". This is used for Brickyard Logins (Guest/Affiliates/Parents). (Certificate expires 2029)
metadata-idpt2-idp.xml - Metadata for the entityID="https://idpt2.shib.ncsu.edu/idp/shibboleth". (Certificate expires 2029)
metadata-affilt2-idp.xml - Metadata for the entityID="https://affilt2.shib.ncsu.edu/idp/shibboleth". This is used for Brickyard Logins (Guest/Affiliates/Parents). (Certificate expires 2029)
IdP Certificates
A few of our basic SAML clients cannot consume metadata files. Those clients are configured with a copy of our IdP signing certificate instead. Each of our IdPs uses its own certificate, listed below.
Production IdP Certificates
shib-idp.crt - NC State IdP certificate: our primary IdP. (Certificate expires 2029)
affil-idp.crt - NC State Affiliates IdP certificate: This is used for NC State Parents/Guests logins. (Certificate expires 2029)
Development/Testing IdP Certificates
Test Service 1 = idpt1 / affilt1
idpt1-idp.crt - idpt1 IdP certificate. (Certificate expires 2029)
affilt1-idp.crt - affilt1 IdP certificate. (Certificate expires 2029)
Test Service 2 = idpt2 / affilt2
idpt2-idp.crt - idpt2 IdP certificate. (Certificate expires 2029)
affilt2-idp.crt - affilt2 IdP certificate. (Certificate expires 2029)
Metadata sources for other federations
These links are provided for reference, for those SPs that may need to join or connect to them. Right-click and Copy Link Address on the links to get the URLs.
UNC Identity Federation - Covers the UNC system of schools.
- UNC Identity Production - Production federation metadata.
- UNC Identity Development - Development federation metadata.
- UNC Affiliates - Affiliates federation metadata.
InCommon Federation - International federation for higher education.
- InCommon Metadata - InCommon's federation metadata.