Hostname Setting

Check the hostname in /opt/shibboleth-idp/conf/relying-party.xml.

    <!-- ========================================== -->
    <!--      Relying Party Configurations          -->
    <!-- ========================================== -->

    <rp:AnonymousRelyingParty provider="https://idp.example.asia/idp/shibboleth"
                                                ↑IdP Hostname
                         defaultSigningCredentialRef="IdPCredential">
    <rp:DefaultRelyingParty provider="https://idp.example.asia/idp/shibboleth"
                                              ↑IdP Hostname
                         defaultSigningCredentialRef="IdPCredential">


Metadata Load Setting

Edit /opt/shibboleth-idp/conf/relying-party.xml

The SP metadata file is prepared in the SP section.

    <!-- ========================================== -->
    <!-- Metadata Configuration -->
    <!-- ========================================== -->
<snip>
        <!-- Example metadata provider. -->
        <!-- Reads metadata from a URL and stores a backup copy on the file system. -->
        <!-- Validates the signature of the metadata and filters out all but SP entities in order to save memory -->
        <!-- To use: fill in 'metadataURL' and 'backingFile' properties on MetadataResource element -->
        <!-- --> ←Add comment end
        <metadata:MetadataProvider id="URLMD" xsi:type="metadata:FileBackedHTTPMetadataProvider"
                          metadataURL="http://sp.example.asia/metadata/sp-metadata.xml"
                                              ↑URL of SP metadata

                          backingFile="/opt/shibboleth-idp/metadata/sp-example-asia-metadata.xml">
                                                                    ↑backup file name of SP metadata

      <!-- ← Add comment start
            <metadata:MetadataFilter xsi:type="metadata:ChainingFilter">
                <metadata:MetadataFilter xsi:type="metadata:RequiredValidUntil"
                                maxValidityInterval="P7D" />
                <metadata:MetadataFilter xsi:type="metadata:SignatureValidation"
                                trustEngineRef="shibboleth.MetadataTrustEngine"
                                requireSignedMetadata="true" />
                <metadata:MetadataFilter xsi:type="metadata:EntityRoleWhiteList">
                    <metadata:RetainedRole>samlmd:SPSSODescriptor</metadata:RetainedRole>
                </metadata:MetadataFilter>
            </metadata:MetadataFilter>
      --> ←Add comment end
        </metadata:MetadataProvider>
        <!-- --> ← Add comment start

 

If the owner of the metadata directory has not been changed yet, run the following command.

    # chown -R tomcat /opt/shibboleth-idp/metadata/
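
As edited above, the provider fetches SP metadata over plain http with the RequiredValidUntil and SignatureValidation filters commented out, so the IdP accepts whatever that URL returns. The following Python check is an added example, not part of the original page or of the Shibboleth distribution; it reports which of these protections are active for each HTTP metadata provider in a relying-party.xml. The function names, the sample XML and the https URL are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip "{namespace}" from a tag name
def xsi_local(elem):
    return elem.get(XSI_TYPE, "").rsplit(":", 1)[-1]  # "metadata:Foo" -> "Foo"

def audit_metadata_providers(xml_text):
    """Map each HTTP metadata provider id to the protections it lacks."""
    root = ET.fromstring(xml_text)  # comments are dropped, so commented-out filters count as absent
    report = {}
    for prov in root.iter():
        if local(prov.tag) != "MetadataProvider" or "HTTPMetadataProvider" not in xsi_local(prov):
            continue
        findings = []
        if urlparse(prov.get("metadataURL", "")).scheme != "https":
            findings.append("metadataURL is not https")
        filters = [f for f in prov.iter() if local(f.tag) == "MetadataFilter"]
        if not any(xsi_local(f) == "SignatureValidation"
                   and f.get("requireSignedMetadata") == "true" for f in filters):
            findings.append("no active SignatureValidation filter")
        if not any(xsi_local(f) == "RequiredValidUntil" for f in filters):
            findings.append("no active RequiredValidUntil filter")
        report[prov.get("id")] = findings
    return report

FILTERS = """
  <metadata:MetadataFilter xsi:type="metadata:ChainingFilter">
    <metadata:MetadataFilter xsi:type="metadata:RequiredValidUntil" maxValidityInterval="P7D"/>
    <metadata:MetadataFilter xsi:type="metadata:SignatureValidation"
        trustEngineRef="shibboleth.MetadataTrustEngine" requireSignedMetadata="true"/>
  </metadata:MetadataFilter>
"""

def sample(url, body):  # constructed sample input modelled on the provider element on this page
    return f"""<metadata:MetadataProvider xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="URLMD"
        xsi:type="metadata:FileBackedHTTPMetadataProvider" metadataURL="{url}"
        backingFile="/opt/shibboleth-idp/metadata/sp-example-asia-metadata.xml">{body}
    </metadata:MetadataProvider>"""

AS_ON_PAGE = sample("http://sp.example.asia/metadata/sp-metadata.xml", "<!--" + FILTERS + "-->")
FILTERS_ON = sample("https://sp.example.asia/metadata/sp-metadata.xml", FILTERS)  # https URL is assumed

if __name__ == "__main__":
    print(audit_metadata_providers(AS_ON_PAGE), audit_metadata_providers(FILTERS_ON))
```

To audit a real deployment, pass the contents of /opt/shibboleth-idp/conf/relying-party.xml to `audit_metadata_providers`; an empty list for a provider means all three checks passed.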