The Windows Installer asks two questions at 'Configure Shibboleth' (step 3).
- "Choose the DNS name for this IdP. It will be used to generate the EntityID, Certificates and Metadata"
- "Choose the Scope that this IdP will assert"
The first field defaults to the machine hostname. This, together with the similarity to other installers [where you might enter the hostname in one field and the domain name in the next], can lead to a common mistake. This ultimately results in the idp-metadata.xml and certificates being created with just the hostname rather than the FQDN, and the user has to re-install or recreate the certificates.
The simplest way to deal with this might be to reword the first field just to mention that in most [maybe all?] cases it should be the FQDN (Fully Qualified Domain Name). But there could be other options, e.g. checking for an FQDN and issuing a warning if it is not one?
- Jon Agland, UK federation team, Jisc
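
The FQDN check suggested above, applied to an already generated idp-metadata.xml, as an added example (not part of the original report or of the Shibboleth installer). It assumes a URL-form entityID; the function names and the sample metadata are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# One DNS label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
SHIBMD = "{urn:mace:shibboleth:metadata:1.0}"

def is_fqdn(name):
    """True for a dotted DNS name; False for a bare hostname or an IPv4 address."""
    name = name.rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return False
    if not all(LABEL.fullmatch(label) for label in labels):
        return False
    return not labels[-1].isdigit()  # all-numeric last label: IP address, not a name

def check_metadata(xml_text):
    """Return warnings for hosts in entityID/Location and for shibmd:Scope values."""
    root = ET.fromstring(xml_text)  # locally generated file, not untrusted input
    urls = [("entityID", root.get("entityID", ""))]
    urls += [("Location", el.get("Location")) for el in root.iter() if el.get("Location")]
    warnings = []
    for attr, url in urls:
        host = urlparse(url).hostname or ""
        if not is_fqdn(host):
            warnings.append(f"{attr} {url!r}: host {host!r} is not an FQDN")
    for scope in root.iter(SHIBMD + "Scope"):
        value = (scope.text or "").strip()
        # Regular-expression scopes are not plain domain names; skip them.
        if scope.get("regexp") != "true" and not is_fqdn(value):
            warnings.append(f"Scope {value!r} is not a dotted domain name")
    return warnings

# Constructed sample: metadata as it looks when only "idp01" was entered as DNS name.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    entityID="https://idp01/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <Extensions><shibmd:Scope regexp="false">example.ac.uk</shibmd:Scope></Extensions>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp01/idp/profile/SAML2/Redirect/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for warning in check_metadata(SAMPLE):
        print("WARNING:", warning)
```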