Shibboleth Configuration
Please read the note marked † at the bottom first, then modify each configuration file.
- Shibboleth Setting
- relying-party.xml
  Major Configuration: entityID, automatic metadata download.
- handler.xml
  Major Configuration: Method for login.
  → Modify the "Type" to be "UsernamePassword" and then just refer to login.config
- login.config
  Major Configuration: LDAP configuration for authentication.
  (ldapURL, baseDn, userFilter, subtreeSearch, SSL)
- attribute-resolver.xml
  Major Configuration: Principle definition of attribute and its resolution, which is obtained from LDAP
  Original source of attribute (LDAP, ComputedID etc.)
- attribute-filter.xml
  Major Configuration: Selection of attributes to be sent to each SP.
- IdP Metadata Preparation
- relying-party.xml
† If you modify any configuration file, restart Tomcat and then check the following log files.
- /opt/shibboleth-idp/logs/idp-process.log
  Main log of the IdP. Errors and warnings from the IdP are recorded in this log file. Check this log first when you have a problem with the IdP.
- /opt/shibboleth-idp/logs/idp-access.log
  Access log of the IdP. This log includes the access time and the access source for requests to the IdP.
  Format: requestTime | remoteHost | serverHost | serverPort | requestPath
- /opt/shibboleth-idp/logs/idp-audit.log
  Message log from IdP to SP. This log includes information such as the time, corresponding ID, attributes and so on.
  Format: auditEventTime | requestBinding | requestId | relyingPartyId | messageProfileId | assertingPartyId | responseBinding | responseId | principalName | authNMethod | releasedAttributeId1,releasedAttributeId2, | nameIdentifier | assertion1ID,assertion2ID, |
The settings for these log files are described in /opt/shibboleth-idp/conf/logging.xml
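
After changing attribute-filter.xml and restarting, idp-audit.log shows which attributes were actually released to each SP. The following is an added example, not part of the original page or of Shibboleth itself: it parses records in the audit format listed above and reports releases beyond a per-SP allowlist. The sample records, the example.org hosts and the EXPECTED allowlist are constructed assumptions.

```python
# Added example: field order copied from the idp-audit.log format line above.
FIELDS = ["auditEventTime", "requestBinding", "requestId", "relyingPartyId",
          "messageProfileId", "assertingPartyId", "responseBinding",
          "responseId", "principalName", "authNMethod",
          "releasedAttributes", "nameIdentifier", "assertionIds"]
LIST_FIELDS = ("releasedAttributes", "assertionIds")

def parse_audit_line(line):
    """Split one pipe-delimited audit record into a dict; None if malformed."""
    parts = [p.strip() for p in line.rstrip("\n").split("|")]
    if len(parts) == len(FIELDS) + 1 and parts[-1] == "":
        parts.pop()                    # records end with a trailing "|"
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    for name in LIST_FIELDS:           # comma lists carry a trailing ","
        rec[name] = [v.strip() for v in rec[name].split(",") if v.strip()]
    return rec

def unexpected_releases(lines, expected):
    """List (relyingPartyId, principalName, extras) where attributes were
    released beyond what `expected` allows; unknown SPs allow nothing."""
    findings = []
    for line in lines:
        rec = parse_audit_line(line)
        if rec is None:
            continue                   # skip truncated or foreign lines
        allowed = expected.get(rec["relyingPartyId"], set())
        extra = sorted(set(rec["releasedAttributes"]) - allowed)
        if extra:
            findings.append((rec["relyingPartyId"], rec["principalName"], extra))
    return findings

# Constructed sample records (not real log data); hosts and IDs are made up.
_PRE = "20240101T010203Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_req|"
_MID = ("|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://idp.example.org/idp/shibboleth"
        "|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_resp|")
_AUTH = "|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|"
SAMPLE = [
    _PRE + "https://sp1.example.org/shibboleth" + _MID + "alice" + _AUTH + "eduPersonPrincipalName,|_nid1|_as1,|",
    _PRE + "https://sp2.example.org/shibboleth" + _MID + "bob" + _AUTH + "eduPersonPrincipalName,mail,|_nid2|_as2,|",
    "truncated|line",
]
# Hypothetical allowlist: what attribute-filter.xml is meant to release per SP.
EXPECTED = {"https://sp1.example.org/shibboleth": {"eduPersonPrincipalName"},
            "https://sp2.example.org/shibboleth": {"eduPersonPrincipalName"}}

if __name__ == "__main__":
    for rp, user, extra in unexpected_releases(SAMPLE, EXPECTED):
        print(f"{rp}: released {extra} for {user}")
```

To run it against a live IdP, pass the lines of /opt/shibboleth-idp/logs/idp-audit.log instead of SAMPLE and fill EXPECTED from your own release policy.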