
Hostname Setting

Check the hostname in /opt/shibboleth-idp/conf/relying-party.xml.

    <!-- ========================================== -->
    <!--      Relying Party Configurations          -->
    <!-- ========================================== -->

    <rp:AnonymousRelyingParty provider="https://idp.example.asia/idp/shibboleth"
                                                 ↑Hostname
                         defaultSigningCredentialRef="IdPCredential">
    <rp:DefaultRelyingParty provider="https://idp.example.asia/idp/shibboleth"
                                                 ↑Hostname
                         defaultSigningCredentialRef="IdPCredential">


Metadata Load Setting

Edit /opt/shibboleth-idp/conf/relying-party.xml

The SP metadata file will be prepared in the SP section.

    <!-- ========================================== -->
    <!--      Metadata Configuration                -->
    <!-- ========================================== -->
<snip>
        <!-- Example metadata provider. -->
        <!-- Reads metadata from a URL and store a backup copy on the file system. -->
        <!-- Validates the signature of the metadata and filters out all but SP entities in order to save memory -->
        <!-- To use: fill in 'metadataURL' and 'backingFile' properties on MetadataResource element -->
        <!-- --> ←Add comment end
        <metadata:MetadataProvider id="URLMD" xsi:type="metadata:FileBackedHTTPMetadataProvider"
                          metadataURL="http://sp.example.asia/metadata/sp-metadata.xml"
                       ↑URL of IdP metadata

                          backingFile="/opt/shibboleth-idp/metadata/sp-metadata.xml">
                                  ↑backup file name of SP metadata

      <!-- ← Add comment start
            <metadata:MetadataFilter xsi:type="metadata:ChainingFilter">
                <metadata:MetadataFilter xsi:type="metadata:RequiredValidUntil"
                                maxValidityInterval="P7D" />
                <metadata:MetadataFilter xsi:type="metadata:SignatureValidation"
                                trustEngineRef="shibboleth.MetadataTrustEngine"
                                requireSignedMetadata="true" />
                <metadata:MetadataFilter xsi:type="metadata:EntityRoleWhiteList">
                    <metadata:RetainedRole>samlmd:SPSSODescriptor</metadata:RetainedRole>
                </metadata:MetadataFilter>
            </metadata:MetadataFilter>
      --> ←Add comment end
        </metadata:MetadataProvider>
        <!-- --> ← Add comment start

 

If the owner of the metadata directory has not been changed yet, run the following command.

# chown -R tomcat /opt/shibboleth-idp/metadata/
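
A check for the metadata settings edited above, as an added example that is not part of the original page: it parses a relying-party.xml fragment and reports, for each FileBackedHTTPMetadataProvider, whether the metadata URL uses HTTPS and whether an active SignatureValidation filter requires signed metadata. The sample XML is constructed (its wrapper element and namespace URIs are assumed to match a stock IdP 2.x file), and `local` and `audit` are hypothetical names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample mirroring the edited block: filter chain commented out.
SAMPLE = """<rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party"
    xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <metadata:MetadataProvider id="URLMD" xsi:type="metadata:FileBackedHTTPMetadataProvider"
      metadataURL="http://sp.example.asia/metadata/sp-metadata.xml"
      backingFile="/opt/shibboleth-idp/metadata/sp-metadata.xml">
    <!--
    <metadata:MetadataFilter xsi:type="metadata:ChainingFilter">
      <metadata:MetadataFilter xsi:type="metadata:SignatureValidation"
          trustEngineRef="shibboleth.MetadataTrustEngine"
          requireSignedMetadata="true" />
    </metadata:MetadataFilter>
    -->
  </metadata:MetadataProvider>
</rp:RelyingPartyGroup>"""


def local(name):
    """Strip '{namespace}' or 'prefix:' from an element tag or xsi:type value."""
    return name.rsplit("}", 1)[-1].rsplit(":", 1)[-1]


def audit(xml_text):
    """Return one finding dict per HTTP-backed metadata provider."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if (local(el.tag), local(el.get(XSI_TYPE, ""))) != (
                "MetadataProvider", "FileBackedHTTPMetadataProvider"):
            continue
        # The parser drops XML comments, so a commented-out filter counts as absent.
        signed = any(
            local(f.get(XSI_TYPE, "")) == "SignatureValidation"
            and f.get("requireSignedMetadata") == "true"
            for f in el.iter()
        )
        findings.append({"id": el.get("id"), "backing_file": el.get("backingFile"),
                         "tls": urlparse(el.get("metadataURL", "")).scheme == "https",
                         "signature_required": signed})
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

With the filter chain commented out and an `http://` URL, as in the block above, both `tls` and `signature_required` come back `False`, so nothing authenticates the metadata the IdP loads from that URL.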
