shibboleth IdP configuration
02-12-2018, 09:49 PM (This post was last modified: 02-12-2018 09:53 PM by jiangqiangqiang.)
Post: #1
After installing the Shibboleth IdP, we now should configure the IdP to connect to the SP through authentication. In this thread, I will introduce LDAP password authentication.

1. Configure the LDAP properties in /opt/shibboleth-idp/conf/ldap.properties. About the LDAP installation, you can see here.

Code:
# your ldap url
idp.authn.LDAP.ldapURL                          = ldap://linux02.shufangkeji.com:389
# true for TLS encryption. It's necessary in future. Now just test.
idp.authn.LDAP.useStartTLS                      = false
# the values depend on your ldap configuration
idp.authn.LDAP.baseDN                           = ou=people,dc=linux02.shufangkeji,dc=com
# ldap password
idp.authn.LDAP.bindDNCredential                 = 8ik,9ol
# the values depend on your ldap configuration
idp.authn.LDAP.dnFormat                         = uid=%s,ou=people,dc=linux02.shufangkeji,dc=com

2. The Password flow must be listed earlier in the shibboleth.AvailableAuthenticationFlows bean in authn/general-authn.xml than the extended flows (or at least, you must be cognizant that any flows listed earlier may be run earlier)

Code:
<bean id="authn/Password" parent="shibboleth.AuthenticationFlow"
                p:passiveAuthenticationSupported="true"
                p:forcedAuthenticationSupported="true" />


3. Configure /opt/shibboleth-idp/conf/idp.properties
Code:
idp.entityID= https://linux02.shufangkeji.com/idp/shibboleth
idp.scope= shufangkeji.com
idp.views = %{idp.home}/views
# your password
idp.sealer.storePassword= 8ik,9ol
idp.sealer.keyPassword= 8ik,9ol

4. Release some attributes to an SP in /opt/shibboleth-idp/conf/attribute-filter.xml
Code:
<!-- Release some attributes to an SP. -->
    <AttributeFilterPolicy id="example1">
      <PolicyRequirementRule xsi:type="Requester" value="https://linux01.shufangkeji.com/shibboleth" />
      <!-- AttributeRule elements for the attributes to release go here -->
    </AttributeFilterPolicy>
Here value="https://linux01.shufangkeji.com/shibboleth" is your SP entityID URL.

5. Metadata provider in /opt/shibboleth-idp/conf/metadata-providers.xml. Here we use local metadata to test.
Code:
<MetadataProvider id="LocalMetadata"  xsi:type="FilesystemMetadataProvider" metadataFile="/opt/shibboleth-idp/metadata/idp-metadata.xml"/>
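Two things in step 1 are easy to get wrong and worth checking before the IdP is started: ldap.properties is a Java properties file, so a `#` only starts a comment at the beginning of a line (a trailing `#your ldap url` silently becomes part of the URL value), and `ldap://` with `useStartTLS = false` sends every user's password to the directory in clear text. The following script is an added example, not code from the post or from the Shibboleth project; it parses a properties file the way the JVM does and reports those pitfalls. The hostnames and passwords in the embedded samples are constructed placeholders.

```python
"""Lint a Shibboleth IdP ldap.properties file for common pitfalls.

Added example, not part of the forum post or the Shibboleth project.
Simplification: backslash line continuations and unicode escapes of the
Java properties format are not handled; key/value and comment rules are.
"""
import re

# Constructed sample in the shape of the post's ldap.properties, with the
# inline '#' comment and plaintext LDAP that the post shows (placeholders).
SAMPLE_WEAK = """\
idp.authn.LDAP.ldapURL                          = ldap://ldap.example.org:389 #your ldap url
idp.authn.LDAP.useStartTLS                      = false
idp.authn.LDAP.baseDN                           = ou=people,dc=example,dc=org
idp.authn.LDAP.bindDNCredential                 = changeit
idp.authn.LDAP.dnFormat                         = uid=%s,ou=people,dc=example,dc=org
"""

# Same settings with the comment on its own line and StartTLS enabled.
SAMPLE_FIXED = """\
# your ldap url
idp.authn.LDAP.ldapURL                          = ldap://ldap.example.org:389
idp.authn.LDAP.useStartTLS                      = true
idp.authn.LDAP.baseDN                           = ou=people,dc=example,dc=org
idp.authn.LDAP.bindDNCredential                 = changeit
idp.authn.LDAP.dnFormat                         = uid=%s,ou=people,dc=example,dc=org
"""

_KV = re.compile(r"([^=:\s]+)\s*[=:\s]\s*(.*)")


def parse_properties(text):
    """Parse Java .properties text into a dict.

    '#' or '!' as the first non-blank character makes the line a comment;
    anywhere else it is ordinary value text. The separator is '=', ':' or
    whitespace, and surrounding whitespace is trimmed from the value.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = _KV.match(line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def lint_ldap_properties(text):
    """Return a list of (property, finding) tuples for risky settings."""
    props = parse_properties(text)
    findings = []
    # A '#' inside a value almost always means a comment that was meant
    # to be ignored but will be sent to the LDAP server as part of the value.
    for key, value in props.items():
        if "#" in value:
            findings.append((key, "inline '#' comment becomes part of the value"))
    url = props.get("idp.authn.LDAP.ldapURL", "")
    starttls = props.get("idp.authn.LDAP.useStartTLS", "").lower() == "true"
    if url.startswith("ldap://") and not starttls:
        findings.append(("idp.authn.LDAP.ldapURL",
                         "ldap:// without StartTLS: user passwords cross the network in clear text"))
    # The bind password has to be stored somewhere; the control is file
    # permissions on ldap.properties, so flag it for review.
    if props.get("idp.authn.LDAP.bindDNCredential"):
        findings.append(("idp.authn.LDAP.bindDNCredential",
                         "bind password stored in clear text; restrict file permissions"))
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        print(label)
        for key, msg in lint_ldap_properties(sample):
            print(f"  {key}: {msg}")
```

Run it against /opt/shibboleth-idp/conf/ldap.properties by reading the file into `lint_ldap_properties`; the `SAMPLE_WEAK` input produces three findings (the swallowed comment, plaintext LDAP, and the stored bind password), while `SAMPLE_FIXED` leaves only the bind-password reminder.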