In most cases authentication via LDAP (including the Microsoft implementation that comes with "Active Directory") will be easiest and most useful: adjust /opt/shibboleth-idp/conf/ldap.properties to taste, according to the section "General Configuration" of the documentation.

The properties file /opt/shibboleth-idp/credentials/secrets.properties by default contains the setting idp.authn.LDAP.bindDNCredential, which holds the password of the administrative account performing LDAP binds. If you plan to use the bindSearchAuthenticator authentication strategy in your ldap.properties (with a given idp.authn.LDAP.bindDN), make sure to set the corresponding password for that DN in credentials/secrets.properties!

If, on the other hand, you intend to use the anonSearchAuthenticator in ldap.properties (only anonymous binds will be made to the configured LDAP server/s), be sure to remove the principal and principalCredential XML attributes from the LDAP DataConnector in your /opt/shibboleth-idp/conf/attribute-resolver.xml (as included in our documentation and also in conf/examples/attribute-resolver-ldap.xml).
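As an added example (not part of this guide and not code from the Shibboleth project), the following Python script checks the consistency rule described above before you restart Tomcat: with bindSearchAuthenticator both idp.authn.LDAP.bindDN and idp.authn.LDAP.bindDNCredential must be set, and with anonSearchAuthenticator no LDAPDirectory DataConnector may still carry principal or principalCredential. The file contents embedded below are constructed samples; the %{idp.attribute.resolver.LDAP.*} placeholders and the DataConnector shape follow the stock IdP example resolver but are assumptions here, and the checker reads only the three files named, not the IdP's full property-resolution order.

```python
import re
import xml.etree.ElementTree as ET

# Attribute key under which ElementTree exposes xsi:type
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
_PROP_RE = re.compile(r"^\s*([^=:\s#!][^=:\s]*)\s*[=:]\s*(.*?)\s*$")

# Constructed sample standing in for /opt/shibboleth-idp/conf/ldap.properties
LDAP_PROPERTIES = """
# constructed example, not a real deployment
idp.authn.LDAP.authenticator = bindSearchAuthenticator
idp.authn.LDAP.ldapURL = ldaps://ldap.example.org
idp.authn.LDAP.baseDN = ou=people,dc=example,dc=org
idp.authn.LDAP.bindDN = cn=idp-reader,ou=system,dc=example,dc=org
"""

# Constructed sample standing in for /opt/shibboleth-idp/credentials/secrets.properties
SECRETS_PROPERTIES = """
idp.authn.LDAP.bindDNCredential = PLACEHOLDER-bind-password
"""

# Constructed sample standing in for the LDAP DataConnector in attribute-resolver.xml
ATTRIBUTE_RESOLVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
      ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
      baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
      principal="%{idp.attribute.resolver.LDAP.bindDN}"
      principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}">
    <FilterTemplate><![CDATA[(uid=$resolutionContext.principal)]]></FilterTemplate>
  </DataConnector>
</AttributeResolver>
"""


def parse_properties(text):
    """Minimal Java .properties reader: 'key = value' or 'key: value', '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":
            continue
        m = _PROP_RE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def ldap_data_connectors(resolver_xml):
    """Yield every DataConnector of xsi:type LDAPDirectory in the resolver file."""
    root = ET.fromstring(resolver_xml)
    for el in root.iter():
        if el.tag.endswith("DataConnector") and el.get(XSI_TYPE) == "LDAPDirectory":
            yield el


def check_ldap_config(ldap_props_text, secrets_text, resolver_xml):
    """Return a list of findings; an empty list means the three files agree."""
    props = parse_properties(ldap_props_text)
    props.update(parse_properties(secrets_text))  # secrets.properties adds the credential
    findings = []
    authenticator = props.get("idp.authn.LDAP.authenticator", "")
    if not authenticator:
        findings.append("idp.authn.LDAP.authenticator is not set in ldap.properties")
    elif authenticator == "bindSearchAuthenticator":
        # A bind-then-search strategy needs both the DN and its password.
        if not props.get("idp.authn.LDAP.bindDN"):
            findings.append("bindSearchAuthenticator needs idp.authn.LDAP.bindDN in ldap.properties")
        if not props.get("idp.authn.LDAP.bindDNCredential"):
            findings.append("bindSearchAuthenticator needs idp.authn.LDAP.bindDNCredential in secrets.properties")
    elif authenticator == "anonSearchAuthenticator":
        # Anonymous binds only: the DataConnector must not reference a bind identity.
        for dc in ldap_data_connectors(resolver_xml):
            for attr in ("principal", "principalCredential"):
                if attr in dc.attrib:
                    findings.append(f"DataConnector '{dc.get('id')}' still carries the {attr} attribute")
    # Other authenticator values (e.g. directAuthenticator) have no rule in this checker.
    return findings


if __name__ == "__main__":
    for finding in check_ldap_config(LDAP_PROPERTIES, SECRETS_PROPERTIES, ATTRIBUTE_RESOLVER_XML) or ["OK"]:
        print(finding)
```

To run it against a real installation, replace the three constants with the contents of the files under /opt/shibboleth-idp and treat any non-empty result as something to fix before the restart.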
After changes to (any) property files you'll need to restart the whole container (i.e., Tomcat) for the changes to become active:
systemctl restart tomcat9
In order to test/verify your authentication configuration you may use the methodology described in our Testing an IDP documentation.
Further reading for more advanced needs:
Also, the ACOnet Team has collected working configuration examples from eduID.at community members, so you can always ask on the community mailing list or the provided support email address.