Seitenhistorie
...
| Warnung | ||||
|---|---|---|---|---|
| ||||
See out notes on deploying the Shibboleth IDPv3 IDP on RHEL/CentOS for our take on the (unfortunate) status quo. |
...
There is no point in duplicating the existing Shibboleth IDP 4.x documentation. The installation part of this guide is complete but the guide for configuration of a Shibboleth IDP is necessarily incomplete, as deployments can vary significantly and the IDP has tons of (optional) advanced features. Please use the upstream documentation for further steps or more advanced configurations, as hinted at below.
...
- Install and configure Java and Tomcat as webserver with TLS/SSL support, running Tomcat and the JVM as non-root user
- Install the Shibboleth IDP software and integrate it with Tomcat
- Load SAML Metadata using the eduID.at Metadata and eduID.at Metadata Verification Key
- For new eduID.at members: Send a copy of your IDP Metadata (by default in
/opt/shibboleth-idp/metadata/idp-metadata.xml) to the eduID.at Operations Team, ideally signed with your S/MIME or OpenPGP key.
- For new eduID.at members: Send a copy of your IDP Metadata (by default in
- Configuring authentication & attribute lookup and generation is somewhat site-dependent
- Configure attribute release filters, including controlled, automated scalable attribute release based on Service CategoriesAdd support for pairwise-id ("service-specific pseudonyms") and subject-id
Upstream documentation
Until more steps/topics are covered in the instructions in this wiki please refer to the upstream documentation and engage with the community:
| Info | ||
|---|---|---|
| ||
Please make use of the eduID.at community which has been configuring and running Shibboleth IPDs IDPs for over a decade by now! The Contact page has the details for the eduid-discuss mailing list which should be able to help you with any and all problems in this space (Shibboleth IDP-related or maybe even Identity and Access Management issues). |
...
Überblick
Inhalte
Aufgabenbericht