Versions Compared

Old Version 50

changes.mady.by.user Xavier Haurie

Saved on

compared with

New Version 51

changes.mady.by.user Xavier Haurie

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  ShibUseEnvironment Off

  ShibUseHeaders On

</LocationMatch>

Tomcat Configuration


Shibboleth Configuration

Shibboleth consists of a Daemon plus an apache module. This Apache module must be configured for Shibboleth to intercept certain requests. When a request is intercepted, Shibboleth will decide whether the user (1) needs to login at the configured idP (which will present a login form to the user), or (2) is already logged in (and Shibboleth will let the request be served as if it wasn't there to intercept it)

...

<AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>

We left this and file(s) it points to unchanged:

<AttributeResolver type="Query" subjectMatch="true"/>
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>

...

    
    <!--    The 'name' attributes need to match exactly what your IdP sends in 
            its response to your (successful) AuthnRequest
            
            E.g.
    -->
    <Attribute name="ecommonsId" id="ecommonsid"/>
    <Attribute name="Email" id="email"/>
    <Attribute name="Firstname" id="firstname"/>
    <Attribute name="Lastname" id="lastname"/>

</Attributes>

Tomcat Configuration


Tomcat should accept requests on port 8080 only from localhost:

...