
If you are adding a new instance of a service that already has a Shibboleth connection, say a new Salesforce application, then look at the pages documenting that particular service. This page describes what you need for a completely new application.

The Shibboleth URL

If the user goes to the application first and the application generates a SAML Request form and posts it to Shibboleth, then the application needs the URL to which that Request form will be posted. This is:

https://auth.yale.edu/idp/profile/SAML2/POST/SSO

If the application does not need to send a Request and will accept an unsolicited SAML Response form from Shibboleth, then the application does not need to be configured with any Shibboleth URL. Instead, the login can be a hyperlink on a Yale Web page. For example, the Yale Portal menu entry that points to Hewitt ("My Benefits") is a hyperlink directly to Shibboleth that passes the Hewitt login URL as the "target" parameter and the Hewitt SAML providerId as a second parameter:

https://auth.yale.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=hewitt.com:saml2.0&target=https%3A%2F%2Fsso.hewitt.com%2Fytr

A component of Shibboleth listens at the /profile/SAML2/Unsolicited/SSO URL. When it receives an HTTP GET of this form, it generates a dummy SAML Request from these two parameters and then hands off to the normal request processing.
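As an added example (not part of the original page), the following Python builds an unsolicited SSO hyperlink of the form shown above and decodes one back into the two parameters the IdP sees. The point it demonstrates is the percent-encoding of the target: the ":" and "/" characters of the landing URL must be encoded so the IdP does not mistake them for URL structure, which is why the portal link carries `https%3A%2F%2Fsso.hewitt.com%2Fytr` rather than the bare URL. The endpoint constant is the Yale URL from the page; the https-only check on the target is an assumption of this example, not a documented Shibboleth rule.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# The unsolicited SSO endpoint named on the page.
UNSOLICITED_SSO = "https://auth.yale.edu/idp/profile/SAML2/Unsolicited/SSO"


def unsolicited_sso_url(provider_id: str, target: str, endpoint: str = UNSOLICITED_SSO) -> str:
    """Build the hyperlink that sends a browser straight to the IdP.

    providerId is the SP's SAML entity id, target is the page the user should
    land on after login. urlencode percent-encodes both values, so the target
    URL survives as a single parameter value.
    """
    # Assumption of this example: only absolute https landing pages are linked.
    if not target.startswith("https://"):
        raise ValueError("target must be an absolute https URL")
    return endpoint + "?" + urlencode({"providerId": provider_id, "target": target})


def parse_unsolicited_sso_url(url: str) -> dict:
    """Decode such a link back to the endpoint and its two parameters."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    missing = {"providerId", "target"} - params.keys()
    if missing:
        raise ValueError(f"missing parameter(s): {sorted(missing)}")
    return {
        "endpoint": f"{parts.scheme}://{parts.netloc}{parts.path}",
        "providerId": params["providerId"],
        "target": params["target"],
    }


if __name__ == "__main__":
    # The Hewitt link from the page, rebuilt from its parts and decoded again.
    link = unsolicited_sso_url("hewitt.com:saml2.0", "https://sso.hewitt.com/ytr")
    print(link)
    print(parse_unsolicited_sso_url(link))
```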

The Yale Certificate

The SAML generated by Shibboleth is digitally signed with a private key that only Shibboleth knows. The Relying Party has to be configured with the X.509 Certificate containing the matching public key, which it uses to validate the SAML message and so confirm that it really came from Yale and has not been altered. There are separate Certificates for dev, test, and prod, so a message signed by one environment will not validate against another environment's Certificate:

[auth.yale.edu production|../../../../../../../../../download/attachments/18954151/auth.cer?version=1&modificationDate=1339180777000] or
[auth-test.yale.edu test|../../../../../../../../../download/attachments/18954151/auth-test.cer?version=1&modificationDate=1339180803000] or
[auth-dev.yale.edu development|../../../../../../../../../download/attachments/18954151/auth-dev.cer?version=1&modificationDate=1339180797000]

With most applications we have encountered, you open one of these links in a text editor, copy the text form of the certificate, and paste it into a multiline text box in the application's SAML SSO configuration form.
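The copy-and-paste step fails in practice when the downloaded .cer is binary DER rather than PEM text, when a paste drops a line, or when the form wants the base64 body without the BEGIN/END headers. The Python below is an added example, not code from the page or from Yale, that normalizes a .cer file into either form and rejects a truncated certificate before it reaches the SSO form. It uses only the standard library; the sample bytes are a constructed stand-in for the real auth.cer (a minimal DER SEQUENCE, not a certificate), so substitute the downloaded file's bytes.

```python
import base64
import binascii
import textwrap

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def _der_total_length(der: bytes) -> int:
    """Length of the outer DER element: tag byte + length bytes + contents."""
    if len(der) < 2:
        raise ValueError("too short to be DER")
    first = der[1]
    if first < 0x80:                      # short form: one length byte
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if len(der) < 2 + n:
        raise ValueError("truncated DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def cert_der_bytes(data: bytes) -> bytes:
    """Return the raw DER certificate from a .cer file saved as PEM or DER.

    Every X.509 certificate is one outer ASN.1 SEQUENCE (tag 0x30) whose
    declared length must match the data, so a truncated download or a partial
    paste is caught here instead of failing later inside the application.
    """
    if data[:1] == b"\x30":
        der = data                        # binary DER
    else:
        text = data.decode("ascii")       # UnicodeDecodeError is a ValueError
        if PEM_HEADER not in text or PEM_FOOTER not in text:
            raise ValueError("no PEM CERTIFICATE block found")
        body = text.split(PEM_HEADER, 1)[1].split(PEM_FOOTER, 1)[0]
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"certificate body is not valid base64: {exc}") from None
    if der[:1] != b"\x30":
        raise ValueError("data is not a DER SEQUENCE, so not an X.509 certificate")
    if _der_total_length(der) != len(der):
        raise ValueError("DER length does not match data: truncated or trailing bytes")
    return der


def cert_base64_body(data: bytes) -> str:
    """One-line base64 with no headers, the form some SSO forms ask for."""
    return base64.b64encode(cert_der_bytes(data)).decode("ascii")


def cert_pem(data: bytes) -> str:
    """Canonical PEM (headers plus 64-character lines), the form others ask for."""
    lines = textwrap.wrap(cert_base64_body(data), 64)
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


# Constructed stand-in for the bytes of auth.cer: a valid DER SEQUENCE holding
# one INTEGER, NOT a real certificate. Replace with the downloaded file's bytes.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"
SAMPLE_PEM = cert_pem(SAMPLE_DER)

if __name__ == "__main__":
    print(SAMPLE_PEM)
    print(cert_base64_body(SAMPLE_PEM.encode("ascii")))
```

Either output pastes cleanly: `cert_pem` for forms that expect the full PEM block and `cert_base64_body` for forms that expect only the base64 text between the markers.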

Yale Metadata (Everything you could possibly need to know)

Rather than configuring only the pieces of information the application needs to operate, SAML also defines a file format for Metadata. Metadata is a complete description of the Shibboleth capability, including the URLs for all the SAML protocols that Shibboleth supports, plus the Certificate. Of course, the application has to understand the format of this file, and since it typically needs only one URL and one Certificate, most applications prefer to consume just the data listed above. However, if you need Yale Shibboleth's own Metadata, it is at:

Prod Metadata
Test Metadata
Dev Metadata
