...
Consult your local Shibboleth experts for guidance.
IdP (Identity Provider): a web-based system that can authenticate a user on behalf of another system (the SP, for Service Provider).
In the present case, the SP consists of the Shibboleth SP software, which
Five configuration files need to go on the host that runs shibd (Shibboleth SP). They are installed when you install Shibboleth SP, and they need to be overlaid or modified to reflect your installation, as follows:
Filename | Location on SP | Notes |
---|---|---|
idp-metadata.xml | /etc/shibboleth/idp-metadata.xml | A copy of your site IdP's metadata |
sp-metadata.xml | /var/www/html/sp-metadata.xml – if your Apache sets DocumentRoot to /var/www/html (for instance in /etc/httpd/conf/httpd.conf) | To be shared dynamically with your site's Shibboleth IdP (i.e. make it available at a given URL and share that URL with your IdP's maintainers/admins). Or omit it from the SP and instead email it to the IdP admins. |
attribute-map.xml | /etc/shibboleth/attribute-map.xml | Specifies the user-information that your IdP sends to the SP upon login |
sp.conf | /etc/httpd/conf.d/sp.conf | Tells Apache to require Shibboleth login for Shrine URLs (/shrine-api/*). Tomcat should open port 8080 only to localhost, and should reside on the same host as your SP. |
shibboleth2.xml | /etc/shibboleth/shibboleth2.xml | Specifies miscellaneous aspects of your SP |
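
A quick post-install check for the file locations and the Tomcat binding listed in the table above. This is an added example, not part of the original page or of the Shibboleth or Shrine distributions; the function names and the sample `ss` lines are constructed for illustration, and it assumes a Linux host with `awk` and `ss` from iproute2.

```shell
#!/bin/sh
# Paths from the table above. sp-metadata.xml is left out because the page
# allows omitting it from the SP and e-mailing it to the IdP admins instead.
SP_FILES="/etc/shibboleth/idp-metadata.xml
/etc/shibboleth/attribute-map.xml
/etc/httpd/conf.d/sp.conf
/etc/shibboleth/shibboleth2.xml"

# missing_files ROOT: print each expected file that is absent under ROOT.
# ROOT is "" on the live SP host, or a staging directory (hypothetical helper).
missing_files() {
    root=$1
    for f in $SP_FILES; do
        [ -f "$root$f" ] || printf '%s\n' "$f"
    done
}

# exposed_listeners PORT: read `ss -ltnH` output on stdin and print every
# local address listening on PORT that is not a loopback address.
exposed_listeners() {
    awk -v port="$1" '
        {
            addr = $4                        # "Local Address:Port" column
            n = match(addr, /:[0-9]+$/)      # position of the final colon
            if (!n || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            if (host ~ /^127\./ || host == "[::1]" ||
                host == "[::ffff:127.0.0.1]") next
            print addr                       # reachable from off-host
        }'
}

# Constructed sample of `ss -ltnH` output (not captured from a real host):
# one loopback Tomcat listener, Apache on 443, and one wildcard listener.
SAMPLE='LISTEN 0 100 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 100 *:8080 *:*'

printf '%s\n' "$SAMPLE" | exposed_listeners 8080
```

On the SP host itself, run `ss -ltnH | exposed_listeners 8080` and `missing_files ""`; both should print nothing.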
...