...

IdP (Identity Provider): a web-based system that authenticates a user on behalf of another system, the SP (Service Provider), and sends that system signed assertions about the user.

...

Configure the AJP connector. Note the allowedRequestAttributesPattern=".*" attribute: it is needed on the AJP connector so that the attributes defined in attribute-map.xml (see above) are passed to the ServletRequest object as request attributes (as opposed to request headers). See also shibboleth2.xml on the same topic. Because that pattern makes Tomcat accept every request attribute an AJP client sends, including the mapped identity attributes, the connector must be reachable only by the httpd/Shibboleth proxy: bind address to the loopback or proxy-facing interface rather than 0.0.0.0, and keep the AJP shared secret enabled (secretRequired="true" with a secret that matches the proxy side) rather than secretRequired="false" as shown here.

<Connector protocol="org.apache.coyote.ajp.AjpNio2Protocol" 
               proxyName="shrine-sso-node01"
               enableLookups="true"
               address="0.0.0.0"
               allowedRequestAttributesPattern=".*"
               port="8009" 
               secretRequired="false"
               redirectPort="6443" />
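The following audit script is an added example, not SHRINE or Tomcat code. It reads the AJP connectors out of a server.xml and grades the permissive allowedRequestAttributesPattern by whether the connector is otherwise exposed (bound to all interfaces, or shared secret disabled), since on an exposed connector that pattern lets any AJP client forge the attributes Shibboleth would normally populate. The two server.xml fragments are constructed: the first repeats the connector above, the second is a tightened version; attribute defaults assume Tomcat 9.0.31 / 8.5.51 or later.

```python
"""Audit the AJP connectors in a Tomcat server.xml (added example, not project code)."""
import xml.etree.ElementTree as ET

# Constructed server.xml fragments. The first repeats the connector from the
# page; the second is a tightened version (loopback bind, shared secret set).
OPEN_SERVER_XML = """<Server><Service name="Catalina">
<Connector protocol="org.apache.coyote.ajp.AjpNio2Protocol"
           proxyName="shrine-sso-node01"
           enableLookups="true"
           address="0.0.0.0"
           allowedRequestAttributesPattern=".*"
           port="8009"
           secretRequired="false"
           redirectPort="6443" />
</Service></Server>"""

HARDENED_SERVER_XML = """<Server><Service name="Catalina">
<Connector protocol="org.apache.coyote.ajp.AjpNio2Protocol"
           proxyName="shrine-sso-node01"
           address="127.0.0.1"
           allowedRequestAttributesPattern=".*"
           port="8009"
           secretRequired="true"
           secret="replace-with-a-long-random-value"
           redirectPort="6443" />
</Service></Server>"""


def is_ajp(connector):
    """True for protocol="AJP/1.3" and the org.apache.coyote.ajp.* class names."""
    return "ajp" in connector.get("protocol", "HTTP/1.1").lower()


def audit_ajp_connector(connector):
    """Return [(severity, code), ...] for one <Connector> element."""
    findings = []
    exposed = False  # can an untrusted client reach this connector and speak AJP?

    address = connector.get("address")
    if address in ("0.0.0.0", "::"):
        findings.append(("high", "AJP_BIND_ALL_INTERFACES"))
        exposed = True
    elif address is None:
        # Tomcat 9.0.31 / 8.5.51 and later default to loopback; older releases
        # bind every interface, so flag the reliance on the default.
        findings.append(("medium", "AJP_BIND_DEFAULT"))

    if connector.get("secretRequired", "true").lower() != "true":
        findings.append(("high", "AJP_SECRET_DISABLED"))
        exposed = True
    elif not connector.get("secret"):
        # secretRequired defaults to true; without a secret Tomcat refuses to
        # start the connector, so this is a deployment error rather than a hole.
        findings.append(("medium", "AJP_SECRET_MISSING"))

    pattern = connector.get("allowedRequestAttributesPattern")
    if pattern is None:
        # Shibboleth's mapped attributes arrive as non-standard AJP request
        # attributes; without a pattern Tomcat rejects such requests with 403.
        findings.append(("medium", "AJP_ATTR_PATTERN_UNSET"))
    elif pattern == ".*":
        # Required for the attribute-map.xml attributes to reach the servlet,
        # but on an exposed connector it lets anyone forge those attributes.
        findings.append(("high" if exposed else "info", "AJP_ATTR_PATTERN_PERMISSIVE"))
    return findings


def audit_server_xml(xml_text):
    """Map each AJP connector's port to its findings."""
    root = ET.fromstring(xml_text)
    return {c.get("port", "?"): audit_ajp_connector(c)
            for c in root.iter("Connector") if is_ajp(c)}


if __name__ == "__main__":
    for label, doc in (("page connector", OPEN_SERVER_XML),
                       ("hardened connector", HARDENED_SERVER_XML)):
        for port, findings in audit_server_xml(doc).items():
            print(f"{label} (port {port}):")
            for severity, code in findings:
                print(f"  [{severity}] {code}")
```

Run it against the real server.xml by replacing the constructed fragment with the file's contents; the page's connector yields three high findings, while the hardened variant keeps the permissive pattern (it is still required for the Shibboleth attributes) but only as an informational note.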

File sp-metadata.xml

The entityID attribute identifies this SP to the IdP; it must match the value registered with the IdP (or federation), or the IdP will not know which SP is asking.

<!-- ADJUST_FOR_YOUR_SITE (EntityDescriptor-entityID) -->
  <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://shrine-sso-node01.catalyst.harvard.edu">
    <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor>
        <ds:KeyInfo>
          <ds:X509Data>
            <!-- ADJUST_FOR_YOUR_SITE (X509Certificate) -->


The <ds:X509Certificate> element holds the base64-encoded DER certificate (the public half of the key pair generated earlier), never the private key. With no use attribute on the KeyDescriptor, the IdP uses this certificate both to verify the SP's signed requests and to encrypt for the SP.
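The following script is an added example, not part of SHRINE or the Shibboleth SP, for checking that the published metadata is consistent with the SP's own configuration: it confirms the entityID, confirms AuthnRequestsSigned and WantAssertionsSigned are both true, and compares the SHA-256 fingerprint of every published <ds:X509Certificate> with the certificate file on disk (assumed to be sp-cert.pem, the name shib-keygen uses). The metadata and the certificate bytes are constructed stand-ins; only the standard library is used.

```python
"""Cross-check sp-metadata.xml against the SP's own certificate (added example)."""
import base64
import hashlib
import ssl
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

ENTITY_ID = "https://shrine-sso-node01.catalyst.harvard.edu"

# Constructed stand-ins for DER certificates; in use, read sp-cert.pem from
# disk. The fingerprint comparison only needs the bytes, not parseable X.509.
FAKE_DER = b"constructed-bytes-standing-in-for-a-real-DER-certificate"
SP_CERT_PEM = ssl.DER_cert_to_PEM_cert(FAKE_DER)
OTHER_CERT_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-bytes-of-a-different-certificate")
CERT_B64 = base64.b64encode(FAKE_DER).decode()

# Constructed metadata modelled on the fragment above; the elided descriptor
# children are left out because they do not affect these checks.
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="{ENTITY_ID}">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sha256_fingerprint(der):
    return hashlib.sha256(der).hexdigest()


def published_fingerprints(spsso):
    """Fingerprints of every certificate under the SPSSODescriptor's KeyDescriptors."""
    fps = set()
    for cert in spsso.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
        # Metadata wraps the base64 over several lines; strip all whitespace first.
        fps.add(sha256_fingerprint(base64.b64decode("".join((cert.text or "").split()))))
    return fps


def check_sp_metadata(metadata_xml, expected_entity_id, sp_cert_pem):
    """Return a list of problems; an empty list means the metadata is consistent."""
    problems = []
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        return [f"root element is {root.tag}, not md:EntityDescriptor"]
    if root.get("entityID") != expected_entity_id:
        problems.append(f"entityID is {root.get('entityID')!r}, expected {expected_entity_id!r}")
    spsso = root.find("md:SPSSODescriptor", NS)
    if spsso is None:
        problems.append("no md:SPSSODescriptor")
        return problems
    for flag in ("AuthnRequestsSigned", "WantAssertionsSigned"):
        # SAML metadata defaults both flags to false when they are absent.
        if spsso.get(flag, "false").lower() != "true":
            problems.append(f"{flag} is not true")
    published = published_fingerprints(spsso)
    if not published:
        problems.append("no ds:X509Certificate published")
    elif sha256_fingerprint(ssl.PEM_cert_to_DER_cert(sp_cert_pem)) not in published:
        problems.append("published certificate does not match sp-cert.pem")
    return problems


if __name__ == "__main__":
    print("consistent:", check_sp_metadata(SP_METADATA, ENTITY_ID, SP_CERT_PEM))
    print("wrong cert:", check_sp_metadata(SP_METADATA, ENTITY_ID, OTHER_CERT_PEM))
    print("unsigned  :", check_sp_metadata(
        SP_METADATA.replace('WantAssertionsSigned="true"', 'WantAssertionsSigned="false"'),
        ENTITY_ID, SP_CERT_PEM))
```

In practice, read the metadata and sp-cert.pem from disk (for example the copy the IdP or federation actually holds) and run the check whenever the SP keys are rotated; a stale certificate in the published metadata is the usual reason an IdP rejects signed AuthnRequests after a key change.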

...