Page History

/var/www/html/sp-metadata.xml 

– as long as your Apache configuration sets DocumentRoot to /var/www/html (for instance in /etc/httpd/conf/httpd.conf) 

To be shared dynamically with your site's IdP (i.e. make it available at a given URL and share that URL with your IdP's maintainers/admins); or omit from the SP's web server, and instead share it securely with the IdP admins whenever it changes (if it does)

In either case, populate the entityID, public key certificate, and consumer service location with yours

Specifies many aspects of your SP.

Populate the entityID attribute in<ApplicationDefaults> to match the entityID in sp-metadata.xml.

Populate the entityID attribute in <SSO> to match the entityID in idp-metadata.xml. Note that the REMOTE_USER xml attribute of <ApplicationDefaults> is set to "userId" which matches the "userId" in attribute-map.xml.

The <CredentialResolver> element specifies the private+public key to use for encryption and signing while communicating with the idP. If you put the keys in the location specified above, there is no need to modify this element. Otherwise edit this file to reflect the location of the keys. Private key should be in a "safe" location. what if it is password-protected?

Populate the ServerName and ProxyPass directives with your hostname.

Populate certificateKeystorePassword, certificateKeyAlias and proxyName.

Merge the contents  of server.xml-sample Merge it into the existing server.xml.

Sets up the receiving end of AJP over NIO2 connection with Apache. 

For security reasons, Tomcat should open port 8009 only to localhost, and should reside on the same host as Apache.

sso/shrine/shrine.conf-sample

or

sso/shrine/override.conf-sample

/opt/shrine/tomcat/lib/shrine.conf

or

/opt/shrine/tomcat/lib/override.conf