Setting up a new Shibboleth IdP to work with an existing SAML SP

Backend · Unresolved · 1 · 1325
遇见更好的自我 2020-12-04 02:43

Hopefully this isn't a duplicate or too broad. I just have a feeling I need a bit more information than anything else I've been able to find.

I have a program/serv

1 answer
  • 2020-12-04 03:24

    To answer your five (5) questions, without loss of generality, we assume that

    (I) the metadata file of the SAML IdP is idpsaml-metadata.xml

    (II) the metadata file of the SAML SP is sp-example-org.xml

    Q&A

    1. Where to put the SP XML information in the IdP installation

    Answer: /opt/shibboleth-idp/metadata/sp-example-org.xml

    2. Where to put the SP certificate in the IdP installation (or setup/configure a path to a certificate)

    Answer: The metadata file of the SAML SP contains the SP certificate. The SAML IdP will extract the SP certificate from the SAML SP's metadata (e.g., sp-example-org.xml).

    3. Where to get the IdP certificate (I think the default setup generates something for me? Unclear)

    Answer: The metadata file of the SAML IdP contains all the IdP certificates (which have been generated by the default setup of the SAML IdP).

    You need to place the metadata file of the SAML IdP (e.g., idpsaml-metadata.xml) into the SAML SP's home directory, e.g., /etc/shibboleth/idpsaml-metadata.xml

    4. Where the IdP login path is

    Answer: Usually the SAML SP uses the HTTP-POST endpoint as the SAML IdP login path, e.g.,

        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://IdP-Server-URL/idp/profile/SAML2/POST/SSO"/>

    You also need to configure the Shibboleth IdP with LDAP user authentication:

    /opt/shibboleth-idp/conf/idp.properties

    /opt/shibboleth-idp/conf/ldap.properties

    /opt/shibboleth-idp/conf/attribute-filter.xml

    /opt/shibboleth-idp/conf/attribute-resolver-full.xml

    5. Whether or not there's anything else I need to configure to get the two talking

    Answer: To allow the SAML IdP to provide identity authentication for the SAML SP, the SAML IdP and the SAML SP need to exchange their metadata. Then you need to configure the SAML IdP with the SAML SP.

    SAML IdP

    /opt/shibboleth-idp/conf/metadata-providers.xml

    /opt/shibboleth-idp/conf/relying-party.xml

    SAML SP

    /etc/shibboleth/shibboleth2.xml

    /etc/shibboleth/attribute-map.xml

    Remarks:

    The GitHub repository "How to build and run Shibboleth SAML IdP and SP using Docker container" provides sample configuration files for the Shibboleth IdP and SP.

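As an added example (not from the answer above or from the Shibboleth project), here are the configuration entries that wire the two metadata files together: the IdP-side provider that loads the SP metadata, an optional relying-party override for that SP, and the SP-side entries that load the IdP metadata and select it for SSO. The two entityID values are assumed placeholders; take the real ones from the entityID attribute of each metadata file.

```xml
<!-- IdP side: fragment of /opt/shibboleth-idp/conf/metadata-providers.xml. It goes inside the
     default outer <MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider">.
     The IdP reads the SP's signing/encryption certificates from the KeyDescriptor elements of
     the file loaded here, so no separate certificate path is configured for the SP. -->
<MetadataProvider id="sp-example-org"
                  xsi:type="FilesystemMetadataProvider"
                  metadataFile="%{idp.home}/metadata/sp-example-org.xml"/>

<!-- IdP side: optional override in /opt/shibboleth-idp/conf/relying-party.xml, inside
     <util:list id="shibboleth.RelyingPartyOverrides">. relyingPartyIds is the SP's entityID
     (assumed placeholder). Only the SAML2 SSO profile is offered to this SP, and assertions
     are encrypted to the encryption key published in the SP's metadata. -->
<bean parent="RelyingPartyByName" c:relyingPartyIds="https://sp.example.org/shibboleth">
    <property name="profileConfigurations">
        <list>
            <bean parent="SAML2.SSO" p:encryptAssertions="true"/>
        </list>
    </property>
</bean>

<!-- SP side: fragments of /etc/shibboleth/shibboleth2.xml, both under <ApplicationDefaults>.
     <SSO> sits inside <Sessions>; its entityID is the IdP's entityID (assumed placeholder).
     The SP resolves the HTTP-POST SingleSignOnService location from the loaded IdP metadata,
     so the login path is never hard-coded here. -->
<SSO entityID="https://idp.example.org/idp/shibboleth">
    SAML2
</SSO>
<!-- path is relative to /etc/shibboleth; validate="true" schema-checks the file on load. -->
<MetadataProvider type="XML" validate="true" path="idpsaml-metadata.xml"/>
```

After editing, the IdP's idp-process.log should show the SP metadata being loaded on startup and the SP's shibd.log should show the IdP's entityID resolving without a "metadata lookup failed" error.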