In most cases authentication via LDAP (including the Microsoft implementation that comes with "Active Directory") will be easiest and most useful:

...

Adjust /opt/shibboleth-idp/conf/ldap.properties to taste, according to section "Basic Configuration" from the documentation

...

.

...

systemctl restart tomcat9

Note: Additional steps for LDAPS

If you're using LDAPS to connect to your LDAP servers (N.B.: use of LDAP+STARTTLS shouldn't need anything special), be sure to also follow the steps mentioned in the LDAPonJava>8 documentation in the Shibboleth wiki, i.e. within your conf/ldap.properties config file ensure the following:

  • no trailing slash on any of your ldapURL values
  • no blanks/spaces in any of the LDAP filters
  • set the property to use the UnboundID LDAP provider
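
The three points above can be checked mechanically before restarting. The following script is an added example, not part of the original documentation or of Shibboleth. It assumes keys can be matched by suffix ("ldapURL", "Filter") and that the provider property is idp.ldaptive.provider with the UnboundIDProvider class, neither of which is spelled out on this page, so confirm both against the Shibboleth wiki.

```sh
#!/bin/sh
# Added example: lint ldap.properties for the three LDAPS points listed above.
# Assumptions (not from this page): keys are matched by suffix ("ldapURL",
# "Filter"); the provider property is taken to be idp.ldaptive.provider with
# the UnboundIDProvider class. Confirm both against the Shibboleth wiki.

# Prints one line per finding. Exit status: 0 = clean, 1 = findings.
# $1 is the properties file, or "-" (default) for stdin.
check_ldap_properties() {
    awk '
    /^[ \t]*[#!]/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (!match(line, /[ \t]*[=:][ \t]*/)) next   # first key/value separator
        key = substr(line, 1, RSTART - 1)
        val = substr(line, RSTART + RLENGTH)
        if (key ~ /ldapURL$/) {
            n = split(val, urls, /[ \t]+/)      # a value may list several URLs
            for (i = 1; i <= n; i++)
                if (urls[i] ~ /\/$/) {
                    printf "line %d: trailing slash in %s: %s\n", NR, key, urls[i]
                    bad = 1
                }
        }
        if (key ~ /[Ff]ilter$/ && val ~ /[ \t]/) {
            printf "line %d: blank inside %s\n", NR, key
            bad = 1
        }
        if (key == "idp.ldaptive.provider" && val ~ /UnboundIDProvider[ \t]*$/)
            provider = 1
    }
    END {
        if (!provider) { print "UnboundID LDAP provider is not selected"; bad = 1 }
        exit bad + 0
    }' "${1:--}"
}

# Constructed sample that trips all three checks (hostnames are placeholders).
demo_bad_sample() {
    printf '%s\n' \
        'idp.authn.LDAP.ldapURL = ldaps://ldap1.example.org:636/' \
        'idp.authn.LDAP.userFilter = (&(uid={user}) (objectClass=person))'
}

# Dry run on the constructed sample; on a real IdP call
# check_ldap_properties /opt/shibboleth-idp/conf/ldap.properties instead.
demo_bad_sample | check_ldap_properties - || true
```

A filter value with trailing whitespace is flagged as well, since Java property files keep trailing blanks as part of the value.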

After changes to (any) property files you'll need to restart the whole container (i.e., Tomcat) for the changes to become active:

systemctl restart tomcat9

In order to test/verify your authentication configuration you may use the methodology described in our Testing an IDP documentation.

Further reading for more advanced needs:

...