Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

Shibboleth Configuration

Please read the bottom description denoted by † first, then modify each configuration file.

  • Shibboleth Setting
    1. relying-party.xml
      Major Configuration: entityID, automatic metadata download.
    2. handler.xml
      Major Configuration: Method for login.
      →Modify the "Type" to be "UsernamePassword" and then just refer to login.config
    3. login.config
      Major Configuration: LDAP configuration for authentication.
      (ldapURL,baseDn, userFilter,subtreeSearch,SSL)
    4. attribute-resolver.xml
      Major Configuration: Principle definition of attribute and its resolution, which is obtained from LDAP
      Original source of attribute (LDAP,ComputedID etc.)
    5. attribute-filter.xml
      Major Configuration: Selection of attributes to be sent to each SP.
    6. IdP Metadata Preparation

 

†  If you modify each setting file, please restart the tomcat and then check the following log file.

Anchor
logcheck
logcheck

  • /opt/shibboleth-idp/logs/idp-process.log
    Main log of the IdP action. Error and warning of the IdP action is noted in this log file. You need to check this log first when you have an problem with IdP action.
  • /opt/shibboleth-idp/logs/idp-access.log
    Access log of the IdP. This log includes access time and access source to the IdP.
    Formats:

    No Format
    requestTime | remoteHost | serverHost|serverPort | requestPath
  • /opt/shibboleth-idp/logs/idp-audit.log
    Message log from IdP to SP. This log includes the information such as time, corresponding ID, attributes and so on.
    Formats:

    No Format
    auditEventTime | requestBinding | requestId | relyingPartyId | messageProfileId |
    assertingPartyId | responseBinding | responseId | principalName | authNMethod |
    releasedAttributeId1,releasedAttributeId2, | nameIdentifier | assertion1ID,assertion2ID, |

  Setting of these log files are described in /opt/shibboleth-idp/conf/logging.xml