...
IdP (Identity Provider): A web-based system that can authenticate a user on behalf of another system called SP (for Service Provider).
...
Configure the AJP connector. Note the allowedRequestAttributesPattern=".*" attribute. That is needed for the AJP connection so that the attributes from the "attribute-map.xml" file (see above) will be passed to the ServletRequest object as request attributes (as opposed to request headers). See also shibboleth2.xml on the same topic.
<Connector protocol="org.apache.coyote.ajp.AjpNio2Protocol"
proxyName="shrine-sso-node01"
enableLookups="true"
address="0.0.0.0"
allowedRequestAttributesPattern=".*"
port="8009"
secretRequired="false"
redirectPort="6443" />
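The connector above listens on all interfaces with secretRequired="false" and a catch-all attribute pattern, so any host that can reach port 8009 is trusted to supply request attributes. The Python check below is an added example, not part of the original page or the SHRINE project, that flags those three settings in a server.xml. The second connector, its port 8010, the secret and the attribute names are constructed placeholders.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: this page's connector plus a tightened variant (placeholder secret and names).
SAMPLE_SERVER_XML = """
<Service name="Catalina">
  <Connector protocol="org.apache.coyote.ajp.AjpNio2Protocol"
             proxyName="shrine-sso-node01" enableLookups="true"
             address="0.0.0.0" allowedRequestAttributesPattern=".*"
             port="8009" secretRequired="false" redirectPort="6443" />
  <Connector protocol="org.apache.coyote.ajp.AjpNio2Protocol"
             proxyName="shrine-sso-node01" address="127.0.0.1"
             allowedRequestAttributesPattern="EXAMPLE_ATTR_A|EXAMPLE_ATTR_B"
             port="8010" secretRequired="true" secret="REPLACE_WITH_SHARED_SECRET" />
</Service>
"""

CATCH_ALL = {".*", ".+", "^.*$"}

def is_loopback(address):
    """True for 'localhost' or a loopback IP; unparsable hostnames count as reachable."""
    try:
        return address == "localhost" or ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False

def audit_ajp_connectors(server_xml):
    """Return {port: [findings]} for every AJP <Connector> in server_xml."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        findings = []
        # Assumes a current Tomcat, where an omitted address means loopback.
        if not is_loopback(conn.get("address", "127.0.0.1")):
            findings.append("bound to non-loopback address")
        # secretRequired defaults to true; with it on, a non-empty secret must be set.
        if conn.get("secretRequired", "true").lower() != "true":
            findings.append("secretRequired is false")
        elif not conn.get("secret"):
            findings.append("secretRequired is true but no secret is set")
        if conn.get("allowedRequestAttributesPattern") in CATCH_ALL:
            findings.append("allowedRequestAttributesPattern accepts any attribute name")
        report[conn.get("port")] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_ajp_connectors(SAMPLE_SERVER_XML).items():
        print(port, findings or "ok")
```

If a shared secret is enabled on the Tomcat side, the web server that fronts Tomcat over AJP has to send the same secret.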
File sp-metadata.xml
The entityID attribute specifies who we are
<!-- ADJUST_FOR_YOUR_SITE (EntityDescriptor-entityID) -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://shrine-sso-node01.catalyst.harvard.edu">
<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor>
<ds:KeyInfo>
<ds:X509Data>
<!-- ADJUST_FOR_YOUR_SITE (X509Certificate) -->
The certificate element <ds:X509Certificate> contains the public key that was generated earlier
...