Changes between Version 13 and Version 14 of spiam2018


Ignore:
Timestamp:
Sep 18, 2018, 5:52:21 AM (6 years ago)
Author:
admin
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • spiam2018

    v13 v14  
    420420
    421421The SLO would use an asynchronous message to the IdP and the flow would end at the IdP Logout page.  The user would be returned to the return URL only if the SLO is done in synchronous mode and the flow returns back to the SP.  To set the return URL, pass it in the return parameter as a query string to the Logout initiator - e.g.: https://sp.instXY.ac.lk/Shibboleth.sso/Logout?return=https://sp.instXY.ac.lk/logout-completed.html
     422
     423=== Enable service provider from your IDP ===
     42422. To be able to login to your new SP, you must enable it from your IDP.
     425
     426* Log in to your IDP and become root
     427
     428*  You may want to enable any SP who is a member of the federation, edit `relying-party.xml` by
     429
     430{{{
     431vim /opt/shibboleth-idp/conf/relying-party.xml
     432}}}
     433
     434And uncomment the following from '''shibboleth.UnverifiedRelyingParty''' bean
     435
     436{{{
     437<bean parent="SAML2.SSO" p:encryptAssertions="false" />
     438}}}
     439
     440* To release specific attributes for a SP you can add it to `/opt/shibboleth-idp/conf/attribute-filter.xml`
     441
     442   Consult Service Provider guidelines and https://fr-training.ac.lk/attribute-filter-LEARN-Production.xml on deciding what attributes you should release.
     443
     444   Reload shibboleth.AttributeFilterService to apply the new SP