Shibboleth consists of a daemon plus an Apache module. Both must be configured for Shibboleth to intercept certain requests (see Apache Configuration in SHRINE 4.0.0 Appendix A.4 - More Details: Apache Configuration). When a request is intercepted, Shibboleth decides whether the user (1) needs to log in at the configured IdP (which will present a login form to the user), or (2) is already logged in, in which case Shibboleth lets the request be served as if it had not been intercepted.

...

attributePrefix must be set to "AJP_" so that the attributes from the "attribute-map.xml" file (see below) are passed to Tomcat as request attributes (as opposed to request headers). See also SHRINE 4.0.0 Appendix A.5 - More Details: Tomcat Configuration on the same topic.

The REMOTE_USER XML attribute of <ApplicationDefaults> should be populated with a list of at least one attribute name, the first of which should normally be "userId", which is defined in attribute-map.xml.

...

<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <!-- The 'name' attributes need to match exactly what your IdP sends in
         its response to your (successful) AuthnRequest
    -->
    <Attribute name="[idP's name for the user id]" id="userId"/>
</Attributes>
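
The settings described above can be checked together before restarting the daemon. The following is an added example, not part of the SHRINE documentation or the Shibboleth distribution: the function name check_sp_config, the sample entityID and the sample attribute name are assumptions, and the embedded XML is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from a real deployment); entityID and name are placeholders.
SP_GOOD = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults entityID="https://shrine.example.org/shibboleth"
                       REMOTE_USER="userId" attributePrefix="AJP_"/>
</SPConfig>"""
SP_BAD = SP_GOOD.replace(' attributePrefix="AJP_"', "").replace('"userId"', '"eppn userId"')
ATTR_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="urn:example:placeholder-user-id" id="userId"/>
</Attributes>"""

def _elements(xml_text, local_name):
    """Find elements by local name, ignoring whichever XML namespace is in use."""
    root = ET.fromstring(xml_text)
    return [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == local_name]

def check_sp_config(shibboleth2_xml, attribute_map_xml):
    """Return a list of problems; an empty list means the two files agree."""
    defaults = _elements(shibboleth2_xml, "ApplicationDefaults")
    if not defaults:
        return ["no <ApplicationDefaults> element found"]
    app = defaults[0]
    mapped_ids = {el.get("id") for el in _elements(attribute_map_xml, "Attribute")}
    problems = []
    # Without the AJP_ prefix the attributes do not reach Tomcat as request attributes.
    if app.get("attributePrefix") != "AJP_":
        problems.append("attributePrefix is %r, expected 'AJP_'" % app.get("attributePrefix"))
    # REMOTE_USER is a whitespace-separated list of attribute ids.
    remote_user = (app.get("REMOTE_USER") or "").split()
    if not remote_user:
        problems.append("REMOTE_USER is missing or empty")
    elif remote_user[0] != "userId":
        problems.append("REMOTE_USER starts with %r, expected 'userId'" % remote_user[0])
    elif "userId" not in mapped_ids:
        problems.append("'userId' is not defined in attribute-map.xml")
    return problems

if __name__ == "__main__":
    for label, sp in (("good", SP_GOOD), ("bad", SP_BAD)):
        print(label, check_sp_config(sp, ATTR_MAP) or "OK")
```

To check a real installation, pass the contents of shibboleth2.xml and attribute-map.xml as the two arguments.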

Next Step:

SHRINE 4.0.0 Appendix A.4 - More Details: Apache Configuration