...
- And then in sp.conf .........
Serve the SP metadata dynamically from Tomcat, but at a URL that looks as though a static XML file were being accessed:
#### serve metadata
ProxyPass "/sp-metadata.xml" "http://127.0.0.1:8080/shrine-api/sso/rest/util/sp-metadata"
# as per https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335062/Apache
# "You do not have to set UseCanonicalName On, but you usually should ..."
UseCanonicalName On
The following tells Apache to use Shibboleth for authentication of any URL starting with "shrine-api":
#### whitelist URLs which need to be protected by Shibboleth
<LocationMatch "/shrine-api/">
AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user local
...
https://shrine-sso-node01.catalyst.harvard.edu/Shibboleth.sso/Session
File idp-metadata.xml
Obtain this file from your IdP.
File attribute-map.xml
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- The 'name' attributes need to match exactly what your IdP sends in
its response to your (successful) AuthnRequest
E.g.
-->
<Attribute name="ecommonsId" id="ecommonsid"/>
<Attribute name="Email" id="email"/>
<Attribute name="Firstname" id="firstname"/>
<Attribute name="Lastname" id="lastname"/>
</Attributes>
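A check for the exact-match requirement in the comment above, as an added example (not part of the original page or of the SHRINE or Shibboleth code): it compares the `name` values in attribute-map.xml with the `Name` values of an AttributeStatement taken from your IdP's response. The sample statement is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

MAP_NS = "{urn:mace:shibboleth:2.0:attribute-map}"
SAML_NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# attribute-map.xml as shown on this page
ATTRIBUTE_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="ecommonsId" id="ecommonsid"/>
  <Attribute name="Email" id="email"/>
  <Attribute name="Firstname" id="firstname"/>
  <Attribute name="Lastname" id="lastname"/>
</Attributes>"""

# Constructed sample of what an IdP might send: "email" differs from the map
# only in case, and "Lastname" is not sent at all.
SAMPLE_STATEMENT = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="ecommonsId"><saml:AttributeValue>jdoe1</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.org</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Firstname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""


def mapped_names(map_xml):
    """Return {name: id} for every <Attribute> in an attribute-map document."""
    root = ET.fromstring(map_xml)
    return {a.get("name"): a.get("id") for a in root.iter(MAP_NS + "Attribute")}


def sent_names(statement_xml):
    """Return the set of Name values in a SAML 2.0 AttributeStatement."""
    root = ET.fromstring(statement_xml)
    return {a.get("Name") for a in root.iter(SAML_NS + "Attribute")}


def compare(map_xml, statement_xml):
    """Report names that do not line up exactly (comparison is case-sensitive)."""
    mapped, sent = mapped_names(map_xml), sent_names(statement_xml)
    missing = sorted(set(mapped) - sent)    # in the map, not sent by the IdP
    unmapped = sorted(sent - set(mapped))   # sent by the IdP, not in the map
    lower = {n.lower(): n for n in unmapped}
    case_only = {m: lower[m.lower()] for m in missing if m.lower() in lower}
    return {"missing": missing, "unmapped": unmapped, "case_only": case_only}


if __name__ == "__main__":
    # Only feed this responses you captured yourself from your own IdP.
    print(compare(ATTRIBUTE_MAP, SAMPLE_STATEMENT))
```

An entry under `case_only` means the map and the IdP disagree only in letter case, which is enough for the mapped `id` to stay empty.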
Tomcat Configuration
Tomcat should accept requests on port 8080 only from localhost. Something like?
...