...

  • And then in sp.conf .........

Serve the SP metadata dynamically from Tomcat, but under a URL that looks like a static XML file:

#### serve metadata

ProxyPass "/sp-metadata.xml" "http://127.0.0.1:8080/shrine-api/sso/rest/util/sp-metadata"

as per https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335062/Apache

# "You do not have to set UseCanonicalName On, but you usually should ..."

UseCanonicalName On


The following tells Apache to use Shibboleth to authenticate any request whose URL path matches "/shrine-api/":

#### whitelist URLs which need to be protected by Shibboleth

<LocationMatch "/shrine-api/">

  AuthType shibboleth

  ShibRequestSetting requireSession 1

  Require valid-user local

...

https://shrine-sso-node01.catalyst.harvard.edu/Shibboleth.sso/Session

File idp-metadata.xml

Obtain this file from your IdP.

File attribute-map.xml

<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<!-- The 'name' attributes need to match exactly what your IdP sends in
its response to your (successful) AuthnRequest, e.g.: -->
<Attribute name="ecommonsId" id="ecommonsid"/>
<Attribute name="Email" id="email"/>
<Attribute name="Firstname" id="firstname"/>
<Attribute name="Lastname" id="lastname"/>

</Attributes>
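The exact-match requirement noted in the comment above can be checked offline against a captured response. This is an added example, not part of the original page or of SHRINE or Shibboleth; the function names and the sample AttributeStatement are constructed for illustration, and only the attribute `Name` values are compared.

```python
import xml.etree.ElementTree as ET

MAP_NS = "{urn:mace:shibboleth:2.0:attribute-map}"
SAML_NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Attribute map as given on this page.
ATTRIBUTE_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="ecommonsId" id="ecommonsid"/>
  <Attribute name="Email" id="email"/>
  <Attribute name="Firstname" id="firstname"/>
  <Attribute name="Lastname" id="lastname"/>
</Attributes>"""

# Constructed sample of what an IdP might send. "FirstName" differs from the
# map only by case and "Department" has no map entry at all.
SAMPLE_STATEMENT = """<saml:AttributeStatement
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="ecommonsId"/>
  <saml:Attribute Name="Email"/>
  <saml:Attribute Name="FirstName"/>
  <saml:Attribute Name="Lastname"/>
  <saml:Attribute Name="Department"/>
</saml:AttributeStatement>"""


def load_map(xml_text):
    """Return {IdP attribute name: SP-side id} from attribute-map.xml text."""
    root = ET.fromstring(xml_text)
    return {a.get("name"): a.get("id") for a in root.iter(MAP_NS + "Attribute")}


def compare(map_xml, saml_xml):
    """Sort names into mapped, case-only mismatches, dropped, never sent."""
    mapping = load_map(map_xml)
    root = ET.fromstring(saml_xml)
    sent = {a.get("Name") for a in root.iter(SAML_NS + "Attribute")}
    by_lower = {name.lower(): name for name in mapping}
    unmapped = sent - mapping.keys()
    case = {n: by_lower[n.lower()] for n in unmapped if n.lower() in by_lower}
    return {"mapped": {n: mapping[n] for n in sent & mapping.keys()},
            "case_mismatch": case,
            "dropped": sorted(unmapped - case.keys()),
            "missing": sorted(mapping.keys() - sent)}


if __name__ == "__main__":
    for kind, value in compare(ATTRIBUTE_MAP, SAMPLE_STATEMENT).items():
        print(f"{kind}: {value}")
```

A non-empty `case_mismatch` or `missing` result means the SP will not populate that attribute for the session, so fix the `name` value in attribute-map.xml before debugging anything downstream.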

Tomcat Configuration


Tomcat should accept requests on port 8080 only from localhost. Something like?

...