The following steps need to be performed on Shibboleth SPs:

For SPs currently connecting to core prod idp (https://idp.utorauth.utoronto.ca/shibboleth), you should make the
following changes:

1. Change the destination to which your authentication requests are sent

Modify your SP’s Shibboleth configuration file (/etc/shibboleth/shibboleth2.xml) to use idpz.utorauth.utoronto.ca
for SSO.

<SSO entityID="https://idpz.utorauth.utoronto.ca/shibboleth">
  SAML2
</SSO>

For SPs currently connecting to idp-testbed (https://idp-qa.utorauth.utoronto.ca/shibboleth) and
new-idp2 (https://idp-easi-2.utoronto.ca/shibboleth), you should make the
following changes:

1. Change the destination to which your authentication requests are sent

Modify your SP’s Shibboleth configuration
file (/etc/shibboleth/shibboleth2.xml) to use idpz.utorauth.utoronto.ca
for SSO.

<SSO entityID="https://idpz.utorauth.utoronto.ca/shibboleth">
  SAML2
</SSO>

2. Subscribe to the production metadata

Modify your SP’s Shibboleth configuration
file (/etc/shibboleth/shibboleth2.xml) to subscribe to the production
metadata instead of the testbed metadata. Make sure that shibd has write permission to backingFilePath.

<MetadataProvider type="XML"
    url="https://sites.utoronto.ca/security/UToronto_SAML_Metadata.xml"
    backingFilePath="/var/cache/shibboleth/UToronto_SAML_Metadata.xml"
    reloadInterval="3600">
</MetadataProvider>

3. Load the new metadata signing certificate. The certificate can be downloaded from http://sites.utoronto.ca/security/projects/utorauth_metadata_verify.crt

4. Verify everything is working.
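
One way to check the edited file before restarting shibd, as an added example that is not part of the original instructions: the script parses a shibboleth2.xml and reports whether the SSO entityID, the production metadata URL, backingFilePath and metadata signature verification are in place. It assumes the signing certificate is loaded through a `MetadataFilter type="Signature"` element with a `certificate` attribute (the usual Shibboleth SP mechanism); the sample config, its SP entityID, the 3.x namespace and the certificate path are constructed.

```python
import xml.etree.ElementTree as ET

# Values taken from the steps above.
EXPECTED_IDP = "https://idpz.utorauth.utoronto.ca/shibboleth"
EXPECTED_METADATA_URL = "https://sites.utoronto.ca/security/UToronto_SAML_Metadata.xml"

# Constructed sample: minimal SP 3.x config after migration. The SP entityID,
# the namespace version and the certificate path are assumptions.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
 <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
  <Sessions><SSO entityID="https://idpz.utorauth.utoronto.ca/shibboleth">SAML2</SSO></Sessions>
  <MetadataProvider type="XML"
      url="https://sites.utoronto.ca/security/UToronto_SAML_Metadata.xml"
      backingFilePath="/var/cache/shibboleth/UToronto_SAML_Metadata.xml"
      reloadInterval="3600">
   <MetadataFilter type="Signature" certificate="utorauth_metadata_verify.crt"/>
  </MetadataProvider>
 </ApplicationDefaults>
</SPConfig>"""

def _local(tag):
    """Drop the XML namespace so SP 2.x and 3.x configs are handled alike."""
    return tag.rsplit("}", 1)[-1]

def check_sp_config(xml_text):
    """Return a list of problems found in a shibboleth2.xml document."""
    root = ET.fromstring(xml_text)
    problems = []
    sso = [e for e in root.iter() if _local(e.tag) == "SSO"]
    if not sso:
        problems.append("no <SSO> element")
    for e in sso:
        if e.get("entityID") != EXPECTED_IDP:
            problems.append("SSO entityID is %r" % e.get("entityID"))
    providers = [e for e in root.iter() if _local(e.tag) == "MetadataProvider"
                 and e.get("url") == EXPECTED_METADATA_URL]
    if not providers:
        problems.append("production metadata URL not configured")
    for p in providers:
        if not p.get("backingFilePath"):
            problems.append("MetadataProvider has no backingFilePath")
        # Without a Signature filter the downloaded metadata is trusted unverified.
        if not any(_local(f.tag) == "MetadataFilter" and f.get("type") == "Signature"
                   and f.get("certificate") for f in p):
            problems.append("metadata is loaded without signature verification")
    return problems

if __name__ == "__main__":
    print(check_sp_config(SAMPLE) or "config matches the migration steps")
```

The certificate URL in step 3 is plain HTTP, so compare the downloaded file's fingerprint with one obtained from the IdP operators through a separate channel before referencing it in the filter.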