The documentation on entity naming says that it is preferable to use domain names as the value of the entityID attribute:
Strongly recommended NOT to use the physical hostname of a server running Shibboleth as the entityID. As time passes, things get moved and that deployment may not always live on the same box. Additionally there may be multiple logical deployments of Shibboleth on a single physical server, each requiring their own unique entityID, so using the server's name doesn't scale beyond a single one.
And more:
Some Shibboleth federations have strict policies governing the selection of an entityID, though this is more common with IdPs than SPs. In other federations, selection is up to the federation participant, but operators may enforce basic conventions or react negatively to obviously poor choices. In general, you should check with the federation(s) you plan to join, and follow the advice above.
This is what the specification says:
Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0
entityID [Required] - Specifies the unique identifier of the SAML entity whose metadata is described by the element's contents.
My SP is deployed in a sandbox, which does not have a domain name.
Can I use a physical address (and port) in the entityID and Location attributes?
It's OK for a sandbox deployment during the development phase and should work with no problem, but it is totally inappropriate for production. As stated in the documentation, in your scenario each time you change your sandbox SP's physical location you have to update the metadata on both the SP and possibly the IdP side.
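As an added example (not part of the question or answer above, and not Shibboleth project code), the following Python script audits an SP EntityDescriptor the way the answer suggests you think about it: it flags an entityID that embeds an IP literal or a port, lists every Location endpoint that has to be regenerated when the sandbox moves, and shows that re-hosting the endpoints can leave the entityID untouched. The metadata, the RFC 5737 documentation address 192.0.2.10 and the function names are constructed for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed SP metadata for a sandbox with no DNS name: entityID and every
# Location carry the box's IP and port (192.0.2.10 is a documentation address).
SANDBOX_SP_METADATA = f"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="https://192.0.2.10:8443/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://192.0.2.10:8443/Shibboleth.sso/SAML2/POST" index="1"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://192.0.2.10:8443/Shibboleth.sso/SLO/Redirect"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def is_ip_literal(host):
    """True if host is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_entity_id(entity_id):
    """Return a list of warnings about entity_id; an empty list means it looks stable."""
    warnings = []
    parts = urlsplit(entity_id)
    if parts.scheme == "urn":
        return warnings  # urn:-style identifiers are valid URIs and carry no host or port
    host = parts.hostname or ""
    if not host:
        warnings.append("entityID is not an absolute URL; a URL under a domain you control is the usual convention")
        return warnings
    if is_ip_literal(host):
        warnings.append(f"entityID host {host!r} is an IP literal and will change when the deployment moves")
    elif "." not in host:
        warnings.append(f"entityID host {host!r} is an unqualified hostname, not a domain you control")
    if parts.port is not None:
        warnings.append(f"entityID carries an explicit port {parts.port}; a port is a deployment detail")
    return warnings


def _md_elements_with_location(root):
    return [el for el in root.iter()
            if el.tag.startswith("{" + MD_NS + "}") and "Location" in el.attrib]


def audit_metadata(xml_text):
    """Parse an md:EntityDescriptor and report entityID warnings plus all endpoint Locations."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    entity_id = root.attrib["entityID"]
    locations = [(el.tag.split("}", 1)[1], el.attrib["Location"])
                 for el in _md_elements_with_location(root)]
    return {"entityID": entity_id, "warnings": check_entity_id(entity_id), "locations": locations}


def rehost_locations(xml_text, new_netloc):
    """Rewrite every Location to a new host[:port]; the entityID is deliberately left alone.

    Returns (new_xml, number_of_locations_changed). This is the part of the metadata
    that must be regenerated and re-exchanged with the IdP each time the box moves.
    """
    root = ET.fromstring(xml_text)
    changed = 0
    for el in _md_elements_with_location(root):
        parts = urlsplit(el.attrib["Location"])
        el.set("Location", urlunsplit(parts._replace(netloc=new_netloc)))
        changed += 1
    ET.register_namespace("md", MD_NS)
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    report = audit_metadata(SANDBOX_SP_METADATA)
    print("entityID:", report["entityID"])
    for warning in report["warnings"]:
        print("  WARNING:", warning)
    for tag, location in report["locations"]:
        print(f"  {tag}: {location}")
    moved_xml, count = rehost_locations(SANDBOX_SP_METADATA, "192.0.2.20:9443")
    print(f"moved sandbox: {count} Location attribute(s) rewritten, entityID unchanged")
    print(moved_xml)
```

Running the audit against a production-style identifier such as https://sp.example.org/shibboleth produces no warnings, while the sandbox metadata above yields two (IP literal, explicit port); the rehost step shows that only the endpoint Locations need to follow the box, which is why a stable entityID saves a metadata re-exchange with the IdP on every move.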