...
- Identify at least two Site Administrators to administer IdP metadata
- Refresh and verify metadata at least daily (every hour if possible)
- Develop a strategy for securing your private keys before you generate them
Important Considerations for New IdPs
...
- Choose your entityID carefully
  - a simple, generic name is best
  - example: https://sso.example.edu/idp
  - hostname must be rooted in your primary domain (e.g., example.edu)
  - hostname need not match endpoint locations
- Choose your Scope carefully
  - usually equal to your primary domain
  - used to construct eduPersonPrincipalName
  - avoid multiple Scopes in metadata
- Constrain your IdP's protocol support to the front channel
  - Do not support the SAML1 protocol
  - Do not support attribute query
  - Do not support SOAP-based endpoints
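The entityID, Scope and protocol-support bullets above are all things a Site Administrator can check mechanically in the IdP's own metadata before publishing it. The following checker is an added example, not code from the original slides or from any federation tool: it parses a SAML 2.0 EntityDescriptor with the standard library, confirms the entityID hostname is rooted in the primary domain, requires exactly one shibmd:Scope equal to that domain, and flags SAML1 protocol support, an AttributeAuthorityDescriptor (attribute query) and any SOAP-bound endpoint. The two sample metadata documents are constructed for illustration; the hostnames and locations in them are invented.

```python
"""Check an IdP's SAML metadata against front-channel-only deployment advice.

Added example (not from the original slides). The sample metadata below is
constructed; its hostnames and endpoint locations are invented.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
}
SAML1_PROTOCOLS = {
    "urn:oasis:names:tc:SAML:1.0:protocol",
    "urn:oasis:names:tc:SAML:1.1:protocol",
}
# SAML 2.0 SOAP binding and the SAML 1.x SOAP binding used for attribute query
SOAP_BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
    "urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding",
}


def check_idp_metadata(xml_text, primary_domain):
    """Return a list of findings; an empty list means the metadata passes."""
    findings = []
    root = ET.fromstring(xml_text)
    ed_tag = "{%s}EntityDescriptor" % NS["md"]
    entity = root if root.tag == ed_tag else root.find("md:EntityDescriptor", NS)
    if entity is None:
        return ["no EntityDescriptor found"]
    domain = primary_domain.lower()

    # entityID: the hostname must be rooted in the primary domain
    host = (urlparse(entity.get("entityID", "")).hostname or "").lower()
    if not (host == domain or host.endswith("." + domain)):
        findings.append("entityID host %r is not rooted in %s" % (host, domain))

    idp = entity.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return findings + ["no IDPSSODescriptor found"]

    # Scope: exactly one, and it should equal the primary domain
    scopes = [s.text.strip() for s in idp.iter("{%s}Scope" % NS["shibmd"]) if s.text]
    if len(scopes) != 1:
        findings.append("expected exactly one Scope, found %d" % len(scopes))
    elif scopes[0].lower() != domain:
        findings.append("Scope %r differs from primary domain %s" % (scopes[0], domain))

    # Protocol support: SAML1 should not be advertised
    supported = set((idp.get("protocolSupportEnumeration") or "").split())
    for proto in sorted(supported & SAML1_PROTOCOLS):
        findings.append("SAML1 protocol advertised: " + proto)

    # Attribute query is served by an AttributeAuthorityDescriptor
    if entity.find("md:AttributeAuthorityDescriptor", NS) is not None:
        findings.append("AttributeAuthorityDescriptor present (attribute query)")

    # Any SOAP-bound endpoint anywhere in the entity is a back-channel endpoint
    for el in entity.iter():
        if el.get("Binding") in SOAP_BINDINGS:
            name = el.tag.rpartition("}")[2]
            findings.append("SOAP endpoint: %s at %s" % (name, el.get("Location")))
    return findings


# Constructed sample: follows the advice (one Scope, redirect SSO only)
SAMPLE_GOOD = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://sso.example.edu/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><shibmd:Scope regexp="false">example.edu</shibmd:Scope></md:Extensions>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.example.edu/idp/profile/SAML2/Redirect/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: two Scopes, SAML1.1 advertised, SOAP artifact resolution
# and an attribute-query endpoint (five findings in total)
SAMPLE_BAD = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://sso.example.edu/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
    <md:Extensions>
      <shibmd:Scope regexp="false">example.edu</shibmd:Scope>
      <shibmd:Scope regexp="false">dept.example.edu</shibmd:Scope>
    </md:Extensions>
    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://login.example.edu/idp/profile/SAML2/SOAP/ArtifactResolution" index="1"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.example.edu/idp/profile/SAML2/Redirect/SSO"/>
  </md:IDPSSODescriptor>
  <md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://login.example.edu/idp/profile/SAML2/SOAP/AttributeQuery"/>
  </md:AttributeAuthorityDescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for label, doc in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(label, check_idp_metadata(doc, "example.edu"))
```

Run it against the metadata your IdP actually generates (for a Shibboleth IdP, the file it serves at its metadata endpoint) rather than a hand-edited copy, since the point is to catch endpoints the software advertises by default. Note that the SSO endpoint location in the sample deliberately sits on a different host than the entityID, which the checker accepts because the entityID hostname need not match endpoint locations.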