In most cases authentication via LDAP (including the Microsoft implementation that comes with "Active Directory") will be easiest and most useful:

Adjust /opt/shibboleth-idp/conf/ldap.properties to taste, according to section "Basic Configuration" from the documentation.

Additional steps for LDAPS

If you're using LDAPS to connect to your LDAP servers (LDAP with STARTTLS shouldn't need anything special), be sure to also follow the steps in the LDAPonJava>8 documentation in the Shibboleth wiki, i.e. ensure the following in your conf/ldap.properties config file:

  • no trailing slash on any of your ldapURL values
  • no blanks/spaces in any of the LDAP filters
  • set the property to use the UnboundID LDAP provider
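
The three checks above can be run mechanically before restarting the container. The following is an added example, not part of the original page or of Shibboleth itself: a small linter that reads ldap.properties text and reports each violation. It assumes that every key ending in `ldapURL` or `Filter` is in scope, and it takes the provider property name and class from the Shibboleth wiki's LDAPonJava>8 page; the sample input is constructed.

```python
import re

# Property name and class for the UnboundID provider, as given in the
# Shibboleth wiki's LDAPonJava>8 page (this page does not spell them out).
PROVIDER_KEY = "idp.ldaptive.provider"
UNBOUNDID = "org.ldaptive.provider.unboundid.UnboundIDProvider"

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# constructed ldap.properties excerpt
idp.authn.LDAP.ldapURL = ldaps://ldap1.example.org:636/ ldaps://ldap2.example.org:636
idp.authn.LDAP.userFilter = (& (uid={user})(objectClass=person))
idp.attribute.resolver.LDAP.searchFilter = (uid=$resolutionContext.principal)
"""

def parse_properties(text):
    """Minimal Java .properties reader (no line continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        stripped = line.lstrip()
        if not stripped or stripped[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", stripped)
        if m:
            props[m.group(1)] = m.group(2)  # trailing blanks are kept, as Java does
    return props

def lint_ldap_properties(text):
    """Return a list of (key, problem) tuples for the three LDAPS checks."""
    props = parse_properties(text)
    findings = []
    for key, value in props.items():
        if key.endswith("ldapURL"):
            for url in value.split():  # several URLs are space-separated
                if url.endswith("/"):
                    findings.append((key, "trailing slash: " + url))
        elif key.endswith("Filter") and re.search(r"\s", value):
            findings.append((key, "blank in LDAP filter"))
    if props.get(PROVIDER_KEY, "").strip() != UNBOUNDID:
        findings.append((PROVIDER_KEY, "UnboundID provider not set"))
    return findings

if __name__ == "__main__":
    for key, problem in lint_ldap_properties(SAMPLE):
        print(f"{key}: {problem}")
```

To check a real file, pass its contents to `lint_ldap_properties()`, e.g. the text of /opt/shibboleth-idp/conf/ldap.properties; an empty result means all three conditions hold.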

After changes to (any) property files you'll need to restart the whole container (i.e., Tomcat) for the changes to become active:

systemctl restart tomcat9

In order to test/verify your authentication configuration you may use the methodology described in our Testing an IDP documentation.

Further reading for more advanced needs:

Also, the ACOnet Team has collected working configuration examples from eduID.at community members, so you can always ask on the community mailing list or the provided support email address.
