...

/etc/shibboleth/shibboleth2.xml

--------------------------- make it generic! ----------------------------------

...


entityID: the ID of our Service Provider (SP)

...

<Handler type="Session" Location="/Session" showAttributeValues="true" contentType="application/json"/>

The IdP's metadata is stored in a file called idp-metadata.xml:

<MetadataProvider type="XML" validate="true" path="idp-metadata.xml"/>

The attribute-map.xml file specifies which attributes are extracted from the IdP's response and the request-header names under which they are made available to the Java code:

<AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
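An illustrative attribute-map.xml for the extractor above, added here as an example; it is not this page's file nor the one shipped with the Shibboleth SP distribution. The two attributes chosen (mail and eduPersonPrincipalName, under their standard OID names) are an assumption about what the IdP releases.

```xml
<!-- Example attribute-map.xml (added illustration, not this page's file).
     Each <Attribute> maps a SAML attribute name from the IdP's assertion
     to the id under which the SP exposes it, e.g. as the request header
     "mail". The OIDs are the standard ones for these two attributes. -->
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <!-- mail: plain string value -->
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>

    <!-- eduPersonPrincipalName: scoped value (user@scope). The scoped
         decoder lets attribute-policy.xml check the scope against the
         asserting IdP's metadata, so one IdP cannot assert users of
         another institution's domain. -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
    </Attribute>

</Attributes>
```

The id values are the names the Java code will read. Because HTTP headers are client-supplied, the Java side should only trust them when every request path to the application passes through the SP module; this is why the Shibboleth project prefers environment variables over headers wherever the deployment allows it.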


<!-- Use a SAML query if no attributes are supplied during SSO. -->
<AttributeResolver type="Query" subjectMatch="true"/>


<!-- Default filtering policy for recognized attributes, lets other data pass. -->
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>


<!-- Simple file-based resolver for using a single keypair. -->
<CredentialResolver type="File" key="/etc/shibboleth/sp-key.pem" certificate="/etc/shibboleth/sp-cert.pem"/>


</ApplicationDefaults>

<!-- Policies that determine how to process and authenticate runtime messages. -->
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>


<!-- Low-level configuration about protocols and bindings available for use. -->
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>


</SPConfig>

Our Shibboleth configuration has been pared down to the essentials (?). If more functionality is needed in our Shibboleth installation, refer to shibboleth2.xml.dist for the full set of options.

...