Versionen im Vergleich

Alte Version 1

changes.mady.by.user Peter Brand

Gespeichert am

verglichen mit

Neue Version 2

changes.mady.by.user Peter Brand

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.

...

Codeblock
languagebash
titleWhat IDP version is currently installed
$ /opt/shibboleth-idp/bin/version.sh
34.40.60


Codeblock
languagebash
titleWhat does the IDP think of its own state?
/opt/shibboleth-idp/bin/status.sh

...

Codeblock
languagebash
titleFailed logins in Jan 2019Aug 2020 CE
zgrep ' failed$' /opt/shibboleth-idp/logs/idp-process.log.201901202008*


Codeblock
languagebash
titleSuccessful logins today
fgrep succeeded /opt/shibboleth-idp/logs/idp-process.log

...

What data will go out for userid X to service Y

The aacli is a very useful tool to test what data the running IDP would send for a given subject (replace SOME_USERID below with the login name the subject would enter during authentication) to a given SP. Not only does that help verifying your attribute resolver  and attribute filter configuration when you're making changes to either (or both), it can also be useful in debugging access problems someone experiences at a given SP as you can easily compare what data would go out for different subjects (e.g. in cases where access works vs. where it fails) without needing the subject's cooperation in this issue (or access to their password).

Codeblock
languagebash
titleAttributes (and NameID) that would be sent
/opt/shibboleth-idp/bin/aacli.sh --saml2 -n SOME_USERID -r https://test-sp.aco.net/shibboleth

Statistics

ACOnet has contributed a log analysis tool for parsing the Shibboleth IDP's audit logs. For the current day use  /opt/shibboleth-idp/logs/idp-audit.log.

...

Locally managed Service Provider Metadata (non-eduID.at)

See our IDP 3 4 Metadata configuration documentation.