
In most cases authentication via LDAP (including the Microsoft implementation that comes with "Active Directory") will be easiest and most useful:

Adjust /opt/shibboleth-idp/conf/ldap.properties to taste, according to section "Basic Configuration" from the documentation.

Additional steps for LDAPS

If you're using LDAPS to connect to your LDAP servers (LDAP+STARTTLS shouldn't need anything special), be sure to also follow the steps in the LDAPonJava>8 documentation in the Shibboleth wiki, i.e. ensure the following in your conf/ldap.properties config file:

  • no trailing slash on any of your ldapURL values
  • no blanks/spaces in any of the LDAP filters
  • set the property to use the UnboundID LDAP provider
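
The three checks above can be run against the file before restarting. This is an added example, not part of the original page or of Shibboleth. It assumes URL properties end in "ldapURL", filter properties end in "Filter", and the provider is selected by a property whose value names the UnboundID provider class; the sample config is constructed.

```python
import re

# Constructed sample input (not from the original page): a deliberately broken ldap.properties.
SAMPLE = """\
# comment lines are ignored
idp.authn.LDAP.ldapURL = ldaps://ldap1.example.org:636/ ldaps://ldap2.example.org:636
idp.authn.LDAP.userFilter = (& (uid={user})(objectClass=person))
idp.attribute.resolver.LDAP.searchFilter = (uid=$resolutionContext.principal)
"""

def parse_properties(text):
    """Minimal Java .properties reader: key=value or key:value, # and ! comments.
    Backslash line continuations are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def lint_ldaps(text):
    """Return a list of findings for the three LDAPS prerequisites listed above."""
    props = parse_properties(text)
    findings = []
    for key, value in props.items():
        if key.endswith("ldapURL"):
            # A value may hold several space-separated URLs; check each one.
            for url in value.split():
                if url.endswith("/"):
                    findings.append(f"{key}: trailing slash in {url}")
        elif key.lower().endswith("filter") and re.search(r"\s", value):
            findings.append(f"{key}: whitespace in filter")
    # Assumption: some property's value names the UnboundID provider class.
    if not any("unboundid" in v.lower() for v in props.values()):
        findings.append("no property selects the UnboundID LDAP provider")
    return findings

if __name__ == "__main__":
    import sys
    # Lint the file given on the command line, or the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for finding in lint_ldaps(text):
        print("FAIL", finding)
```

Run it with the path to conf/ldap.properties as the only argument; no output means all three checks passed.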

After changes to (any) property files you'll need to restart the whole container (i.e., Tomcat) for the changes to become active:

systemctl restart tomcat9

In order to test/verify your authentication configuration you may use the methodology described in our Testing an IDP documentation.

Further reading for more advanced needs:

Also, the ACOnet Team has collected working configuration examples from eduID.at community members, so you can always ask on the community mailing list or the provided support email address.