...
IdP (Identity Provider): A web-based system that can authenticate a user on behalf of another system called SP (for Service Provider).
...
Get this from your IdP (there is probably no need to distribute ours)
File attribute-map.xml
...
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
...
<!-- The 'name' attributes need to match exactly what your IdP sends in
its response to your (successful) AuthnRequest
E.g.
-->
<!-- NOTE(review): 'id' is presumably the local name under which the SP hands each
     attribute to the application (confirm against the SP's attribute handling).
     If the IdP releases OID-style names (urn:oid:...) rather than the friendly
     names shown here, 'name' must carry those instead - verify against the IdP's
     attribute release policy before relying on this map. -->
<Attribute name="ecommonsId" id="ecommonsid"/>
<Attribute name="Email" id="email"/>
<Attribute name="Firstname" id="firstname"/>
<Attribute name="Lastname" id="lastname"/>
</Attributes>
...
Tomcat should accept requests on ports 8080 and 8009, but only from localhost, and redirect to the SSL port 6443:
<!-- NOTE(review): this plain-HTTP connector is meant to be reachable only from localhost,
     but none of the visible attributes restricts the bind address; confirm that
     address="127.0.0.1" is present in the elided part, or enforce the restriction
     with a host firewall. -->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
...
.
...
redirectPort="6443" />
Configure port 6443:
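<!-- HTTPS connector: TLS 1.2 and 1.3 only, server-side cipher preference, no client certs.
     NOTE(review): certificateKeystorePassword="changeit" is the well-known JDK default
     keystore password; replace it (e.g. via Tomcat property substitution) before
     exposing this port. -->
<Connector port="6443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true">
<!-- The cipher list is kept on a single line: a line break inside the attribute value
     is normalized to a space by the XML parser, and Tomcat may not strip that space
     from the following cipher name. -->
<SSLHostConfig clientAuth="none" sslProtocol="TLS" sslEnabledProtocols="TLSv1.3,TLSv1.2"
honorCipherOrder="true" ciphers="TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256">
<Certificate certificateKeystoreFile="/opt/shrine/shrine.keystore"
certificateKeystorePassword="changeit"
certificateKeyAlias="*.catalyst.harvard.edu" />
</SSLHostConfig>
</Connector>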
...
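<!-- AJP connector for the front-end proxy (presumably the httpd/Shibboleth SP side - verify).
     NOTE(review): with secretRequired="false" the only thing keeping untrusted clients off
     this connector is network reach, yet address="0.0.0.0" binds every interface although
     the text above says it should accept requests only from localhost. Either set
     address="127.0.0.1" or configure a shared secret (secretRequired="true" together with
     a secret="..." value known to the proxy).
     allowedRequestAttributesPattern=".*" lets the proxy set arbitrary request attributes;
     this is presumably needed so the SP's user attributes reach the application - confirm,
     and keep it paired with the access restriction above. -->
<Connector protocol="org.apache.coyote.ajp.AjpNio2Protocol"
proxyName="shrine-sso-node01"
enableLookups="true"
address="0.0.0.0"
allowedRequestAttributesPattern=".*"
port="8009"
secretRequired="false"
redirectPort="6443" />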
...