Page History
...
IdP (Identity Provider): A web-based system that can authenticate a user on behalf of another system called SP (for Service Provider).
...
Sessions configuration documentation is available at https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065334342/Sessions
TO DO: set checkAddress to "true" and test.
<!--
Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
You MUST supply an effectively unique handlerURL value for each of your applications.
The value defaults to /Shibboleth.sso, and should be a relative path, with the SP computing
a relative value based on the virtual host. Using handlerSSL="true", the default, will force
the protocol to be https. You should also set cookieProps to "https" for SSL-only sites.
Note that while we default checkAddress to "false", this has a negative impact on the
security of your site. Stealing sessions via cookie theft is much easier with this disabled.-->>
<Sessionslifetime="28800" timeout="3600" relayState="ss:mem"
checkAddress="false" handlerSSL="true" cookieProps="https">
...
Setting the status-reporting-service URL (relative to the hostname) to "/Shibboleth.sso/Status"
<Handler type="Status" Location="/Status"/>
...
<CredentialResolver type="File" key="/etc/shibboleth/sp-key.pem" certificate="/etc/shibboleth/sp-cert.pem"/>
We left this and the file files it points to unchanged:
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/><ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
Our Shibboleth configuration has been pared down to the essential ( ? ). If needed, for instance if we want to add functionality to our Shibboleth installation, refer to shibboleth2.xml.dist
...
Overview
Content Tools