Changes between Version 38 and Version 39 of idpiam2018


Timestamp:
Sep 13, 2018, 10:59:01 AM (6 years ago)
Author:
admin
Comment:

--

  • idpiam2018

    v38 v39  
    722722
    72372328. Connect the openLDAP to the IdP to allow the authentication of the users:
    724 * use `openssl x509 -outform der -in /etc/ssl/certs/ldap_server.pem -out /opt/shibboleth-idp/credentials/ldap_server.crt` to load the ldap certificate.
     724* use `openssl x509 -outform der -in /etc/ssl/certs/ldap_server.pem -out /opt/shibboleth-idp/credentials/ldap-server.crt` to load the ldap certificate.
    725725   
    726726If you host ldap in a seperate machine, copy the ldap_server.crt to  `/opt/shibboleth-idp/credentials`
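Review bot: the renamed output file is now inconsistent with the unchanged line that follows it. The `openssl x509` command at 724 writes `/opt/shibboleth-idp/credentials/ldap-server.crt` (hyphen), but 726 still tells the reader to copy `ldap_server.crt` (underscore) when LDAP runs on a separate machine. Update 726 to `ldap-server.crt` so it matches both the command and the `idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt` setting this revision relies on; a name mismatch there means the IdP cannot find the trust anchor and the TLS connection to LDAP fails. While editing that line, "seperate" should be "separate".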
     
    738738       idp.authn.LDAP.sslConfig = certificateTrust
    739739       idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt
     740       #idp.authn.LDAP.trustStore  = %{idp.home}/credentials/ldap-server.truststore
     741       idp.authn.LDAP.returnAttributes   = *
    740742       idp.authn.LDAP.baseDN = ou=people,dc=instXY,dc=ac,dc=lk
    741743       idp.authn.LDAP.userFilter = (uid={user})
     
    744746       idp.authn.LDAP.dnFormat = uid=%s,ou=people,dc=instXY,dc=ac,dc=lk
    745747       idp.attribute.resolver.LDAP.trustCertificates   = %{idp.authn.LDAP.trustCertificates:undefined}
     748       idp.attribute.resolver.LDAP.returnAttributes    = %{idp.authn.LDAP.returnAttributes}
    746749}}}
    747750
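Review bot: `idp.authn.LDAP.returnAttributes = *` at 741, propagated to the resolver by `idp.attribute.resolver.LDAP.returnAttributes = %{idp.authn.LDAP.returnAttributes}` at 748, asks the directory for every attribute the bind DN is permitted to read rather than the specific attributes the resolver needs; since this guide binds with the LDAP admin credential, that can include data the IdP will never release. Prefer listing the required attributes explicitly here (and, on the directory side, limiting what the bind DN may read). The commented-out `idp.authn.LDAP.trustStore` line at 740 is a reasonable alternative to `trustCertificates`, but the text should say that only one of the two should be uncommented at a time.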
     
    754757       idp.authn.LDAP.useStartTLS = false
    755758       idp.authn.LDAP.useSSL = false
     759       idp.authn.LDAP.returnAttributes   = *
    756760       idp.authn.LDAP.baseDN = ou=people,dc=instXY,dc=ac,dc=lk
    757761       idp.authn.LDAP.userFilter = (uid={user})
     
    759763       idp.authn.LDAP.bindDNCredential = ###LDAP_ADMIN_PASSWORD###
    760764       idp.authn.LDAP.dnFormat = uid=%s,ou=people,dc=instXY,dc=ac,dc=lk
     765       idp.attribute.resolver.LDAP.returnAttributes    = %{idp.authn.LDAP.returnAttributes}
    761766}}}       
    762767(If you decide to use the Solution 2, you have to remove (or comment out) the following code from your Attribute Resolver file:
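Review bot: this variant keeps `idp.authn.LDAP.useStartTLS = false` and `idp.authn.LDAP.useSSL = false` (757-758) while binding with `idp.authn.LDAP.bindDNCredential = ###LDAP_ADMIN_PASSWORD###` (763), so the admin bind password and every authenticating user's password leave the IdP unencrypted. The text should state plainly that Solution 2 is only acceptable when the LDAP server is reached over loopback or an otherwise isolated link, and should direct readers hosting LDAP on a separate machine to the TLS variant above. The same `returnAttributes = *` comment applies to 759 and 765. Also, the sentence at 767 opens a parenthesis that is never closed.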
     
    872877> For production enviornments please use `https://fr.ac.lk`, Also make sure to remove `-training` from all urls.
    873878
     879When Applying for the membership of the federation the form will ask lot of questions to identify your service. Therefore, answer all of them as per the following,
     880
     881On the IDP registration page start with pasting the whole xml metadata from `https://idp.instXY.ac.lk/idp/shibboleth`
     882
     883
     884
     885
    87488634. Configure the IdP to retrieve the Federation Metadata:
    875887*
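Review bot: the paragraph added at 879 promises to answer the registration form "as per the following", but 883-885 are empty, so the list of answers never appears; either fill it in or drop the dangling sentence. Spelling and grammar in the same region: "enviornments" → "environments", "When Applying" → "When applying", "ask lot of" → "ask a lot of", "xml" → "XML". It would also help to say at 881 that the document served at `https://idp.instXY.ac.lk/idp/shibboleth` is the IdP's public metadata (endpoints and certificates) and is safe to paste, whereas nothing from `/opt/shibboleth-idp/credentials` should ever be submitted to the form.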